CVE-2016-10537: Cross-site Scripting

May 31, 2018 (updated October 9, 2019)

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the Model#Escape function of backbone, if a user is able to supply input.

References

github.com/jashkenas/backbone/compare/0.3.3...0.5.0
nvd.nist.gov/vuln/detail/CVE-2016-10537

Detect and mitigate CVE-2016-10537 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →