Sign in Subscribe

npm package

@braintree/sanitize-url

pkg:npm/%40braintree/sanitize-url

Vulnerabilities (2)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2022-48345		—		< 6.0.1	6.0.1	Feb 24, 2023	sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVE-2021-23648		—		< 6.0.0	6.0.0	Mar 16, 2022	The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.

CVE-2022-48345Feb 24, 2023
affected < 6.0.1fixed 6.0.1
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVE-2021-23648Mar 16, 2022
affected < 6.0.0fixed 6.0.0
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.