octotree@1.0.0 vulnerabilities

Display GitHub code in tree format

Direct Vulnerabilities

Known vulnerabilities in the octotree package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability / Vulnerable Version

  • Cross-site Scripting (XSS)
    Severity: M (medium)
    Vulnerable versions: <1.1

octotree displays GitHub code in tree format.

Affected versions of the package are vulnerable to Cross-site Scripting (XSS). Filenames are added to jsTree without sanitization, and jsTree renders HTML passed as a tree node's text. This can compromise the GitHub tokens stored in local storage and allow an attacker to access GitHub sessions.

How to fix Cross-site Scripting (XSS)?

Upgrade octotree to version 1.0.0 or higher.

  • Cross-site Scripting (XSS)
    Severity: M (medium)
    Vulnerable versions: * (all versions)

octotree is a library that allows you to display GitHub code in tree format.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the branch name, which may contain script.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for octotree.