ag-grid@4.0.2 vulnerabilities

Advanced Data Grid / Data Table supporting Javascript / React / AngularJS / Web Components

Direct Vulnerabilities

Known vulnerabilities in the ag-grid package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: HTML Injection (severity: M)

ag-grid is an advanced Data Grid / Data Table supporting Javascript / React / AngularJS / Web Components.

Affected versions of the package are vulnerable to HTML Injection. ag-grid used Mozilla's Element.innerHTML, which is vulnerable to Cross-site Scripting (XSS) attacks when it is used with a user-supplied value. In this case an attacker could insert a malicious username and initiate an XSS attack, like:

<span onclick="alert('hacked!')">John Smith</span>
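
The pattern described above, shown beside a hardened form. This is an added example, not ag-grid's code or API: the function names and the cell template are hypothetical, and the input is the username from the advisory text. It assumes the resulting string is what would later be assigned to innerHTML.

```javascript
// Hypothetical helper names; none of these are ag-grid functions.

// Every character that can change the HTML parser's state maps to an entity.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  // Coerce first: grid cell values may be numbers, null or undefined.
  const text = value === null || value === undefined ? '' : String(value);
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the raw value becomes markup once assigned to innerHTML,
// in both the attribute context (title) and the text context (cell body).
function cellHtmlUnsafe(value) {
  return `<div class="cell" title="${value}">${value}</div>`;
}

// Hardened pattern: the value is escaped before it is placed in either context.
// Escaping quotes is what keeps the value inside the title attribute.
function cellHtmlSafe(value) {
  const safe = escapeHtml(value);
  return `<div class="cell" title="${safe}">${safe}</div>`;
}

// Constructed sample input: the username shown in the advisory.
const username = `<span onclick="alert('hacked!')">John Smith</span>`;

console.log('unsafe:', cellHtmlUnsafe(username));
console.log('safe:  ', cellHtmlSafe(username));
```

When the value only needs to appear as text, assigning it to textContent instead of innerHTML avoids HTML parsing altogether.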

How to fix HTML Injection?

Upgrade ag-grid to version 5.0.0 or higher.

Vulnerable version: >=3.3.0 <5.0.0-alpha.0