CVE-2019-12313: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 29, 2019 (updated August 4, 2021)

XSS exists in Shave because output encoding is mishandled during the overwrite of an HTML element.

References

github.com/advisories/GHSA-gh4g-3gm9-5wrq
github.com/dollarshaveclub/shave/commit/da7371b0531ba14eae48ef1bb1456a3de4cfa954
github.com/dollarshaveclub/shave/compare/852b537...da7371b
nvd.nist.gov/vuln/detail/CVE-2019-12313
www.npmjs.com/advisories/822

Detect and mitigate CVE-2019-12313 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →