npm package
gmail-js
pkg:npm/gmail-js
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1000228 | hig | — | < 0.6.5 | 0.6.5 | Sep 1, 2020 | Affected versions of `gmail-js` are vulnerable to cross-site scripting in the `tools.parse_response`, `helper.get.visible_emails_post`, and `helper.get.email_data_post` functions, which pass user input directly into the Function constructor. ## Recommendation Update to versio |
- affected < 0.6.5fixed 0.6.5
Affected versions of `gmail-js` are vulnerable to cross-site scripting in the `tools.parse_response`, `helper.get.visible_emails_post`, and `helper.get.email_data_post` functions, which pass user input directly into the Function constructor. ## Recommendation Update to versio