braintree/sanitize-url

braintree/sanitize-url

Releases26
Frequency4 months 2 days
Last Release
Stars367

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 6.0.26.1 MEDIUM

sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.

< 6.0.05.4 MEDIUM4.3 MEDIUM

The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.