reveal-2.6.2.js: 1 vulnerability (highest severity is: 6.1)
Vulnerable Library - reveal-2.6.2.js
The HTML Presentation Framework
Library home page: https://cdnjs.cloudflare.com/ajax/libs/reveal.js/2.6.2/js/reveal.js
Path to dependency file: /slides/search/Search---A-Journey-of-Delivery-on-a-Budget/reveal.js/plugin/markdown/example.html
Path to vulnerable library: /slides/search/Search---A-Journey-of-Delivery-on-a-Budget/reveal.js/plugin/markdown/../../js/reveal.js
Found in HEAD commit: 69c30ec227cf4ed8e14a7dec63e3552e78da0da1
Vulnerabilities
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-8127 | Medium | 6.1 | reveal-2.6.2.js | Direct | reveal.js - 3.9.2 | ❌ |
Details
CVE-2020-8127
Dependency Hierarchy:
- ❌ reveal-2.6.2.js (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allows attackers to perform cross-site scripting attacks.
Publish Date: 2020-02-28
URL: CVE-2020-8127
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8127
Release Date: 2020-03-03
Fix Resolution: reveal.js - 3.9.2