GMS-2020-710: Cross-Site Scripting in c3

September 1, 2020 (updated September 23, 2021)

Affected versions of c3 are vulnerable to cross-site scripting via improper sanitization of HTML in rendered tooltips.

Recommendation

Update to 0.4.11 or later.

References

github.com/advisories/GHSA-gvg7-pp82-cff3
github.com/c3js/c3/issues/1536
nvd.nist.gov/vuln/detail/CVE-2016-1000240
www.npmjs.com/advisories/138

Detect and mitigate GMS-2020-710 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →