amrabed/amrabed.github.io:package.json

  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 347
  • Source: GitHub
  • Commit: 428d5495


medium severity
new

MPL-2.0 license

  • Module: @vercel/analytics
  • Introduced through: @vercel/analytics@1.5.0

Detailed paths

  • Introduced through: amrabed.com@amrabed/amrabed.github.io#428d5495a114c3ae0a307ec6dec30258cc1958c8 @vercel/analytics@1.5.0


low severity
new

Arbitrary Code Injection

  • Vulnerable module: prismjs
  • Introduced through: react-syntax-highlighter@15.6.1

Detailed paths

  • Introduced through: amrabed.com@amrabed/amrabed.github.io#428d5495a114c3ae0a307ec6dec30258cc1958c8 react-syntax-highlighter@15.6.1 refractor@3.6.0 prismjs@1.27.0

Overview

prismjs is a lightweight, robust, elegant syntax highlighting library.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by injecting HTML elements that overshadow legitimate DOM elements.

Note:

This is only exploitable if the application accepts untrusted input containing HTML but not direct JavaScript.

Remediation

Upgrade prismjs to version 1.30.0 or higher.
