CVE-2019-15603: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 1, 2020 (updated January 8, 2021)

The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing.

References

github.com/advisories/GHSA-4g46-5grc-wq49
hackerone.com/reports/665302
nvd.nist.gov/vuln/detail/CVE-2019-15603
www.npmjs.com/advisories/1451

Detect and mitigate CVE-2019-15603 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →