CVE-2021-21316: Injection Vulnerability

February 16, 2021 (updated February 26, 2021)

In less-openui5, when processing theming resources (i.e. *.less files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process.

References

nvd.nist.gov/vuln/detail/CVE-2021-21316

Detect and mitigate CVE-2021-21316 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →