VYPR

npm package

pym.js

pkg:npm/pym.js

Vulnerabilities (1)

  • CVE-2018-1000086HigMar 13, 2018
    affected >= 0.4.2, < 1.3.2fixed 1.3.2

    NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This