blueswen/grafana-organization-panel

  • Vulnerabilities: 1 via 2 paths
  • Dependencies: 388
  • Source: GitHub
  • Commit: 8208201d


low severity
new

Arbitrary Code Injection

  • Vulnerable module: prismjs
  • Introduced through: @grafana/ui@11.6.0 and @grafana/runtime@11.6.0

Detailed paths

  • Introduced through: organization-panel@blueswen/grafana-organization-panel#8208201d1e36dd7c3114f2994fb7d6131caea519 > @grafana/ui@11.6.0 > prismjs@1.29.0
  • Introduced through: organization-panel@blueswen/grafana-organization-panel#8208201d1e36dd7c3114f2994fb7d6131caea519 > @grafana/runtime@11.6.0 > @grafana/ui@11.6.0 > prismjs@1.29.0

Overview

prismjs is a lightweight, robust, elegant syntax highlighting library.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by injecting HTML elements that overshadow legitimate DOM elements.

Note: This is only exploitable if the application accepts untrusted input containing HTML but not direct JavaScript.

Remediation

Upgrade prismjs to version 1.30.0 or higher.
