Nerds Pledge Magnanimously
syntax-error

Potential for Script Injection

Severity: low

Overview

Versions of syntax-error prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified.

Remediation

Update to version 1.1.1 or later.

Vulnerable versions

0.0.0
6 years ago
0.0.1
5 years ago
0.1.0
5 years ago
1.0.0
4 years ago
1.1.0
4 years ago

Unaffected versions

1.1.1
4 years ago
1.1.2
4 years ago
1.1.3
3 years ago
1.1.4
3 years ago
1.1.5
3 years ago
1.1.6
2 years ago
1.2.0
a year ago
1.3.0
a year ago
1.4.0
6 months ago

Advisory timeline

  1. Published

    Advisory published
    Jul 15th, 2014
  2. Reported

    Initial report by Cal Leeming
    Oct 17th, 2015