[Snyk: Med] Cross-site scripting in eslint-plugin-no-unsanitized (Due 12/1/2019) #3228

jason-upchurch · 2019-10-02T20:26:14Z

Summary

Medium severity vulnerability found in eslint-plugin-no-unsanitized
Description: Cross-site Scripting (XSS)
Info: https://snyk.io/vuln/SNYK-JS-ESLINTPLUGINNOUNSANITIZED-173734
Introduced through: eslint-plugin-no-unsanitized@3.0.2
From: eslint-plugin-no-unsanitized@3.0.2

As of November 4, 2019, there is no remediation path.

Completion criteria:

Confirm this is a vulnerability

jason-upchurch · 2019-11-04T22:24:34Z

@rfultz is it worth trying to just remove this library from package.json entirely? I believe I understood this to be what you were saying, but want to make sure I note it for this ticket for whoever picks it up. (Maybe me?). Thank you!

jason-upchurch added the Security: moderate Remediate within 60 days label Oct 2, 2019

jason-upchurch added this to the Sprint 10.5 milestone Oct 2, 2019

JonellaCulmer assigned jason-upchurch Nov 5, 2019

jason-upchurch mentioned this issue Nov 5, 2019

removed eslint-plugin-no-unsanitized from package.json #3323

Merged

rfultz closed this as completed in #3323 Nov 14, 2019

patphongs mentioned this issue Feb 29, 2024

Epic: Stability and reliability fecgov/fec-epics#137

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk: Med] Cross-site scripting in eslint-plugin-no-unsanitized (Due 12/1/2019) #3228

[Snyk: Med] Cross-site scripting in eslint-plugin-no-unsanitized (Due 12/1/2019) #3228

jason-upchurch commented Oct 2, 2019 •

edited by JonellaCulmer

jason-upchurch commented Nov 4, 2019

[Snyk: Med] Cross-site scripting in eslint-plugin-no-unsanitized (Due 12/1/2019) #3228

[Snyk: Med] Cross-site scripting in eslint-plugin-no-unsanitized (Due 12/1/2019) #3228

Comments

jason-upchurch commented Oct 2, 2019 • edited by JonellaCulmer

Summary

jason-upchurch commented Nov 4, 2019

jason-upchurch commented Oct 2, 2019 •

edited by JonellaCulmer