CVE-2020-13973: Cross-site Scripting
OWASP json-sanitizer allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.
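A defensive check and mitigation for the embedding case described above, as an added example that is not code from json-sanitizer or from this advisory. The function names and the sample object are hypothetical and constructed for illustration; the approach shown (escaping HTML-significant characters inside JSON strings as `\uXXXX`) is a general hardening step, not the project's own fix.

```javascript
// Added example: helper names are hypothetical, not part of json-sanitizer.

// Sequences that affect where the HTML parser considers a SCRIPT element
// to end (matched case-insensitively), plus the CDATA terminator for XHTML.
const RISKY = /<\/script|<script|<!--|-->|\]\]>/i;

// Detection: true if the text is unsafe to place verbatim inside <script>.
function hasScriptBreakingSequence(text) {
  return RISKY.test(text);
}

// In JSON.stringify output these characters can only occur inside string
// literals, so replacing them with \uXXXX escapes keeps the JSON value
// identical while removing every character the HTML parser reacts to.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028', // line separators: terminate string literals in
  '\u2029': '\\u2029', // older JavaScript engines
};

// Mitigation: serialize a value so it can be embedded in a SCRIPT element.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

// Constructed sample input containing the sequences the check looks for.
const sample = {
  note: 'a </ScRiPt> b',
  comment: '<!-- <script',
  cdata: ']]>',
};

const raw = JSON.stringify(sample);  // plain serialization, flagged by the check
const safe = jsonForScript(sample);  // escaped serialization, passes the check

console.log('raw flagged: ', hasScriptBreakingSequence(raw));
console.log('safe flagged:', hasScriptBreakingSequence(safe));
console.log(safe);
```

The escaped output parses back to the same object, so consumers of the embedded JSON see no difference.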
Detect and mitigate CVE-2020-13973 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.