CVE-2021-43862: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
(updated )
jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications.As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way).
References
- github.com/advisories/GHSA-x9r5-jxvq-4387
- github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5
- github.com/jcubic/jquery.terminal/issues/727
- github.com/jcubic/jquery.terminal/releases/tag/2.31.1
- github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387
- nvd.nist.gov/vuln/detail/CVE-2021-43862
Code Behaviors & Features
Detect and mitigate CVE-2021-43862 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →