tileserver-gl@3.1.1 vulnerabilities

Map tile server for JSON GL styles - vector and server side generated raster tiles

  • latest version

    5.0.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    3 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the tileserver-gl package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    tileserver-gl is a map tile server for JSON GL styles: vector and server-side generated raster tiles.

    Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') through the key parameter due to improper input sanitization. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious code.

    How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

    Upgrade tileserver-gl to version 4.5.0 or higher.

    <4.5.0