Homepage

octotree@1.0.0 vulnerabilities

Display GitHub code in tree format

  • latest version

    1.6.1

  • first published

    10 years ago

  • latest version published

    9 years ago

  • licenses detected

  • View octotree package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the octotree package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    octotree Display GitHub code in tree format.

    Affected versions of the package are vulnerable to Cross-site Scripting (XSS). The filenames are added to jsTree without sanitization. jsTree will render HTML passed as a tree node's text, potentially compromising the GitHub tokens stored in local storage and allowing an attacker to access GitHub sessions.

    How to fix Cross-site Scripting (XSS)?

    Upgrade octotree to version 1.0.0 or higher.

    <1.1
    • M
    Cross-site Scripting (XSS)

    octotree is a library that allows you to display GitHub code in tree format.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the branch name, which may contain script.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for octotree.

    *
    Go back to all versions of this package