Headline

CVE-2023-3481: Critical CSS inlining XSS Vulnerability Advisory

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension.

1 year ago

CVE

Open in Source

#xss #vulnerability #nodejs #git

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Package

npm critters (npm)

Affected versions

0.0.17-0.0.19

Description

Impact

Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential cross-site scripting (XSS) bug.

Patches

The bug has been fixed in v0.0.20.

Workarounds

Upgrading Critters version to >0.0.20 is the easiest fix. This is a non breaking version upgrade so we recommend all users to use v0.0.20.

### Impact Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) bug. ### Patches The bug has been fixed in `v0.0.20`. ### Workarounds Upgrading Critters version to `>0.0.20` is the easiest fix. This is a non breaking version upgrade so we recommend all users to use `v0.0.20`.

1 year ago

ghsa

Open in Source

#xss #vulnerability #google #git #chrome