11.3.2
5 years ago
8 hours ago
Known vulnerabilities in the @grafana/ui package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
@grafana/ui is a Grafana Components Library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the core plugin GeoMap, due to improper sanitization of SVG files. Exploiting this vulnerability allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. How to fix Cross-site Scripting (XSS)? Upgrade | >=8.1.0 <8.5.16, >=9.0.0 <9.3.6 |