CVE-2021-23398
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P
Summary
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | react-bootstrap-table | 0 < unspecified | affected |
Weaknesses
- Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
- https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
- https://github.com/AllenFang/react-bootstrap-table/issues/2071
References
- https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
- https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
- https://github.com/AllenFang/react-bootstrap-table/issues/2071
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.