tarteaucitronjs 1.19.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tarteaucitronjs package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L DOM Clobbering tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to DOM Clobbering when setting the `document.currentScript` value. An attacker can cause incorrect script resolution and potentially alter the CDN domain by injecting a DOM element with a conflicting name attribute. How to fix DOM Clobbering? Upgrade `tarteaucitronjs` to version 1.22.0 or higher.	<1.22.0
M Prototype Pollution tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Prototype Pollution via the `addOrUpdate()` function. An attacker who can alter a site's source code can corrupt data and possibly execute scripts. How to fix Prototype Pollution? Upgrade `tarteaucitronjs` to version 1.20.1 or higher.	<1.20.1
M Cross-site Scripting (XSS) tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in `getElemAttr`, which accepts unfiltered attribute values. A user with high privileges who can alter the source code of an application can execute scripts by entering a URL containing an insecure scheme such as `javascript:alert()` and convincing another user to follow a link to the URL. How to fix Cross-site Scripting (XSS)? Upgrade `tarteaucitronjs` to version 1.20.1 or higher.	<1.20.1

Vulnerability

Vulnerable Version

DOM Clobbering

tarteaucitronjs is a package that provides compliance to the European cookie law.

Affected versions of this package are vulnerable to DOM Clobbering when setting the document.currentScript value. An attacker can cause incorrect script resolution and potentially alter the CDN domain by injecting a DOM element with a conflicting name attribute.

How to fix DOM Clobbering?

Upgrade tarteaucitronjs to version 1.22.0 or higher.

<1.22.0

Prototype Pollution

tarteaucitronjs is a package that provides compliance to the European cookie law.

Affected versions of this package are vulnerable to Prototype Pollution via the addOrUpdate() function. An attacker who can alter a site's source code can corrupt data and possibly execute scripts.

How to fix Prototype Pollution?

Upgrade tarteaucitronjs to version 1.20.1 or higher.

<1.20.1

Cross-site Scripting (XSS)

tarteaucitronjs is a package that provides compliance to the European cookie law.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in getElemAttr, which accepts unfiltered attribute values. A user with high privileges who can alter the source code of an application can execute scripts by entering a URL containing an insecure scheme such as javascript:alert() and convincing another user to follow a link to the URL.

How to fix Cross-site Scripting (XSS)?

Upgrade tarteaucitronjs to version 1.20.1 or higher.

<1.20.1

tarteaucitronjs@1.19.0 vulnerabilities

tarteaucitron.io - Get a compliant and accessible cookie banner

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically