Homepage
About Snyk

tileserver-gl@2.6.0 vulnerabilities

Map tile server for JSON GL styles - vector and server side generated raster tiles

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the tileserver-gl package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

tileserver-gl is a Map tile server for JSON GL styles - vector and server side generated raster tiles

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') through the key parameter due to improper input sanitization. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious code.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

Upgrade tileserver-gl to version 4.5.0 or higher.

<4.5.0
  • M
Cross-site Scripting (XSS)

tileserver-gl is a Map tile server for JSON GL styles - vector and server side generated raster tiles

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.

How to fix Cross-site Scripting (XSS)?

Upgrade tileserver-gl to version 3.1.0 or higher.

<3.1.0
Go back to all versions of this package