Skip to content

[BUG] Compodoc : zepto vulnerability  #1416

New issue
New issue
Closed
Closed
[BUG] Compodoc : zepto vulnerability #1416
Assignees
vogloblinsky
Labels
Type: Bug
@turbo-xav

Description

@turbo-xav
turbo-xav
opened on Nov 30, 2023

Hi,

My problem

Compodoc 1.1.23 pulls the lib zepto which is vulnerable to Cross-Site Scripting (XSS) attacks.

My company's IQ server reports the vulnerability and blocks my deployments

Sonatype

Ref : sonatype-2020-1437

Advisories link :https://securitylab.github.com/advisories/GHSL-2020-098-mxss-zepto

Iq recommandation : There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control.

My question is :

Is there a next version of compodoc planned without the lib zepto

Thanks

Metadata

Metadata

Assignees

Labels

Type: Bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions