shave@0.2.3 vulnerabilities

Shave is a javascript plugin that truncates multi-line text within a html element based on set max height

Direct Vulnerabilities

Known vulnerabilities in the shave package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Cross-site Scripting (XSS)

shave is a zero dependency JavaScript plugin that truncates multi-line text to fit within an html element based on a set pixel number max-height.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the usage of the insertAdjacentHTML method within an element interface which could fetch possible user input from the innerText property under certain conditions.

How to fix Cross-site Scripting (XSS)?

Upgrade shave to version 2.5.3 or higher.

<2.5.3