CVE-2021-23398

State: PUBLISHED · Published: 2021-06-24 · Updated: 2024-09-17 · Assigner: snyk

Description

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

CWE

(none)

Affected

n/a / react-bootstrap-table — v=0 <unspecified [affected]

CVSS

3.1 score=6.1 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P

References

https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286 x_refsource_MISC
https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118 x_refsource_MISC
https://github.com/AllenFang/react-bootstrap-table/issues/2071 x_refsource_MISC

Source

cvelistV5-main/cves/2021/23xxx/CVE-2021-23398.json