org.webjars.npm:tileserver-gl@1.7.0 vulnerabilities

latest version

2.3.1
first published

7 years ago
latest version published

6 years ago
licenses detected
- BSD-2-Clause
  [1.7.0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:tileserver-gl package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') org.webjars.npm:tileserver-gl is a Map tile server for JSON GL styles - vector and server side generated raster tiles Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') through the `key` parameter due to improper input sanitization. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious code. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? A fix was pushed into the `master` branch but not yet published.	[0,)
M Cross-site Scripting (XSS) org.webjars.npm:tileserver-gl is a Map tile server for JSON GL styles - vector and server side generated raster tiles Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.webjars.npm:tileserver-gl`.	[0,)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

org.webjars.npm:tileserver-gl is a Map tile server for JSON GL styles - vector and server side generated raster tiles

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') through the key parameter due to improper input sanitization. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious code.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

A fix was pushed into the master branch but not yet published.

[0,)

Cross-site Scripting (XSS)

org.webjars.npm:tileserver-gl is a Map tile server for JSON GL styles - vector and server side generated raster tiles

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.webjars.npm:tileserver-gl.

[0,)

Go back to all versions of this package

org.webjars.npm:tileserver-gl@1.7.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities