HTML tag injection · GHSA-9vhv-p9r7-rm53 · GitHub Advisory Database · GitHub

HTML tag injection

Moderate severity GitHub Reviewed Published Feb 23, 2021 to the GitHub Advisory Database • Updated Jan 9, 2023

Withdrawn This advisory was withdrawn on Feb 23, 2021

Package

serve-handler (npm)

Affected versions

< 5.0.3

Patched versions

5.0.3

Description

Serve Handler, before 5.0.3, has a XSS via HTML tag injection in directory lisiting page.

References

Reviewed Jun 6, 2019

Published to the GitHub Advisory Database Feb 23, 2021

Withdrawn Feb 23, 2021

Last updated Jan 9, 2023