GMS-2016-44: DOM-based XSS
Three functions exposed by the Gmail.js API (not the Google Gmail API) are vulnerable to DOM-based cross-site scripting. The three functions are tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post. Each one of these functions calls new Function() with user data passed as the argument.
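The pattern described above, shown beside a data-only parser, as an added example that is not Gmail.js source code. The function names, the sample strings and the __demoExecuted marker are constructed for illustration.

```javascript
// Added illustration. Hypothetical names; this is not the Gmail.js implementation.

// Vulnerable pattern: the response text is compiled and run as JavaScript,
// so any expression embedded in it is evaluated in the page's context.
function parseWithFunctionConstructor(text) {
  return new Function('"use strict"; return (' + text + ');')();
}

// Hardened pattern: the response text is only ever treated as data.
// Anything that is not valid JSON is rejected instead of being evaluated.
function parseAsData(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample inputs (not real Gmail responses).
const BENIGN = '[["ms","id-1","subject"]]';
// Same shape, but one element is an expression with a harmless side effect
// (it sets a marker) so the demo can show that evaluation took place.
const HOSTILE = '[["ms",(globalThis.__demoExecuted = true, "id-1"),"subject"]]';

function runDemo() {
  delete globalThis.__demoExecuted;
  const vulnerableBenign = parseWithFunctionConstructor(BENIGN);
  const vulnerableHostile = parseWithFunctionConstructor(HOSTILE);
  const executedByVulnerable = globalThis.__demoExecuted === true;

  delete globalThis.__demoExecuted;
  const safeBenign = parseAsData(BENIGN);
  const safeHostile = parseAsData(HOSTILE);
  const executedBySafe = globalThis.__demoExecuted === true;
  delete globalThis.__demoExecuted;

  return {
    vulnerableBenign, vulnerableHostile, executedByVulnerable,
    safeBenign, safeHostile, executedBySafe,
  };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

Both parsers return the same structure for the benign string; only the new Function() variant evaluates the embedded expression, while JSON.parse rejects it with a SyntaxError.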