@elastic/app-search-javascript@7.4.0 vulnerabilities

JavaScript client for the Elastic App Search API

Direct Vulnerabilities

Known vulnerabilities in the @elastic/app-search-javascript package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

@elastic/app-search-javascript is a JavaScript client for Elastic App Search.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim's web browser.

How to fix Cross-site Scripting (XSS)?

Upgrade @elastic/app-search-javascript to version 7.7.0 or higher.
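
For applications that render document URL fields in their own result templates, a scheme allow-list is one general defense against the class of flaw described above. The following is an added example, not code from the package or the Reference UI; the function names and the `url` and `title` field names are assumptions, and the sample documents are constructed.

```javascript
// Added example: scheme allow-list for URLs taken from search result fields.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns a normalized absolute URL string, or null if the value must not be linked.
function safeResultUrl(raw) {
  if (typeof raw !== "string") return null;
  let parsed;
  try {
    // The WHATWG parser trims leading whitespace and strips tabs/newlines the way
    // a browser does, so the scheme checked here is the scheme the browser sees.
    parsed = new URL(raw);
  } catch {
    return null; // relative or malformed values are not linked
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Escape text for use in HTML element content or a double-quoted attribute.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => entities[c]);
}

// Hypothetical renderer: `result.url` and `result.title` are assumed field names.
function renderResult(result) {
  const title = escapeHtml(result.title);
  const href = safeResultUrl(result.url);
  // Fall back to plain text when the URL is rejected, so the result still displays.
  if (href === null) return `<span class="result">${title}</span>`;
  return `<a class="result" href="${escapeHtml(href)}" rel="noopener noreferrer">${title}</a>`;
}

// Constructed sample documents, including attacker-influenced field values.
const sampleResults = [
  { title: "Docs", url: "https://example.com/docs?a=1&b=2" },
  { title: "Obfuscated", url: " \tJaVa\nScRiPt:alert(1)" },
  { title: "Data", url: "data:text/html,<script>alert(1)</script>" },
  { title: "<b>Relative</b>", url: "/internal" },
];
for (const r of sampleResults) console.log(renderResult(r));
```

Checking the parsed protocol rather than matching the raw string with a regular expression avoids bypasses through mixed case or embedded whitespace.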
