CVE-2021-23398: Cross-site Scripting
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat
parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML
being used, which does not sanitize the output.
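
A defensive wrapper for the dataFormat callback, as an added example that is not code from react-bootstrap-table or from this advisory. The helper names (escapeHtml, safeDataFormat, modelCellSink) and the sample row are hypothetical, and modelCellSink is a simplified model of the rendering behaviour described above, not the library's implementation.

```javascript
// Added example: simplified model of the behaviour the advisory describes.
// A dataFormat return value that is not a React element is treated as raw HTML.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical helper: wrap a dataFormat callback so that any primitive it
// returns is HTML-escaped before the table sees it. Objects are passed
// through on the assumption that they are React elements, whose string
// children React escapes on its own.
function safeDataFormat(formatter) {
  return function wrapped(cell, row, extra, rowIdx) {
    const out = formatter(cell, row, extra, rowIdx);
    if (out === null || out === undefined) return '';
    if (typeof out === 'object') return out;
    return escapeHtml(out);
  };
}

// Model of the sink (assumption, simplified): non-elements become innerHTML.
function modelCellSink(formatted) {
  return typeof formatted === 'object' && formatted !== null
    ? { sink: 'element' }
    : { sink: 'innerHTML', html: String(formatted) };
}

// Constructed sample row: the name field carries markup from an untrusted source.
const sampleRow = { id: 1, name: '<i>Bob & Co</i>' };
const nameFormatter = (cell) => `Customer: ${cell}`;

const unsafe = modelCellSink(nameFormatter(sampleRow.name, sampleRow));
const safe = modelCellSink(safeDataFormat(nameFormatter)(sampleRow.name, sampleRow));

console.log(unsafe.html); // markup reaches the sink intact
console.log(safe.html);   // markup arrives as inert, escaped text
```

Returning a React element from dataFormat avoids the raw-HTML path entirely; the wrapper is for formatters that must keep returning strings.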