GMS-2018-9: Cross Site Scripting

February 6, 2018

On Firefox there is a XSS vulnerability if a malicious attacker can write into the xml:base attribute on an SVG anchor.

References

github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c

Code Behaviors & Features

Detect and mitigate GMS-2018-9 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →