CVE-2019-14722: XSS

September 10, 2019 (updated September 13, 2019)

Verdaccio is vulnerable to XSS which allows malicious JavaScript packages to be executed in the user interface and steal user credentials.

References

github.com/verdaccio/verdaccio/security/advisories/GHSA-78j5-gcmf-vqc8
nvd.nist.gov/vuln/detail/CVE-2019-14772
www.npmjs.com/advisories/832

Detect and mitigate CVE-2019-14722 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →