Medium severity6.1NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026
CVE-2017-1000042
CVE-2017-1000042
Description
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mapbox.jsnpm | < 1.6.5 | 1.6.5 |
mapbox.jsnpm | >= 2.0.0, < 2.1.7 | 2.1.7 |
mapbox-railsRubyGems | >= 1.0.0, < 1.6.5 | 1.6.5 |
mapbox-railsRubyGems | >= 2.0.0, < 2.1.7 | 2.1.7 |
Affected products
33cpe:2.3:a:mapbox_project:mapbox:1.0.0:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:mapbox_project:mapbox:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.6.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.6.0:beta0:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.6.2:beta0:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.0.0:beta0:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mapbox_project:mapbox:2.1.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- hackerone.com/reports/54327nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-qr28-7j6p-9hmvghsaADVISORY
- nodesecurity.io/advisories/49nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-1000042ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/mapbox-rails/CVE-2017-1000042.ymlghsaWEB
- www.npmjs.com/advisories/49ghsaWEB
News mentions
0No linked articles in our index yet.