Arbitrary Code Injectionxmlhttprequest-ssl
xmlhttprequest-ssl before 1.6.2 when requests are sent synchronously (
xhr.open), malicious user input flowing into
xhr.send could result in arbitrary code being injected and run.
Upgrade to version 1.6.2 or later
Have content suggestions? Visit npmjs.com/support.
publishedAdvisory PublishedMay 4th, 2021
reportedReported by AnonymousMay 4th, 2021