Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerability issues #3777

Closed
ManjuSagar opened this issue Oct 9, 2023 · 1 comment
Closed

Security vulnerability issues #3777

ManjuSagar opened this issue Oct 9, 2023 · 1 comment

Comments

@ManjuSagar
Copy link

Currently, there are security vulnerabilities in the D3js version 3.4.1, is there any fix done in the newer versions. I don't see any documentation in the changelog related to the security vulnerability.
@ManjuSagar
Copy link
Author

I am seeing 2 security vulnerabilities in D3.js 

  1. Dynamic Code injection or execution: Where random code can be executed by the attacker in the front-end using the HTML input,

  2. Race Condition: In a multi-threading system, threads need to execute concurrently in some order, but the attacker may exploit the order of execution and he may get access to some data. 

@mbostock mbostock closed this as completed Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mbostock @ManjuSagar