@platejs/media@53.0.1

Plate Media plugin

  • latest version

    53.1.4

  • latest non vulnerable version

  • first published

    1 years ago

  • latest version published

    27 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @platejs/media package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Cross-site Scripting (XSS)

    @platejs/media is a Plate Media plugin

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the useMediaState file. An attacker can execute arbitrary JavaScript in the context of the victim's browser by crafting a document that sets a trusted video provider while supplying a javascript: URL as the iframe source, which is rendered directly when the document is opened.

    How to fix Cross-site Scripting (XSS)?

    Upgrade @platejs/media to version 53.1.4 or higher.

    >=53.0.0 <53.1.4