Homepage
About Snyk

@elastic/app-search-node@0.7.0 vulnerabilities

Elastic App Search Node.js client

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @elastic/app-search-node package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

@elastic/app-search-node is a Node client for the Elastic App Search.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). They contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim's web browser.

How to fix Cross-site Scripting (XSS)?

Upgrade @elastic/app-search-node to version 7.7.0 or higher.

<7.7.0
Go back to all versions of this package