Description
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
Remediation
References
https://hackerone.com/reports/54327
https://nodesecurity.io/advisories/49
Related Vulnerabilities
CVE-2023-28155 Vulnerability in maven package org.webjars.bower:request
CVE-2020-15231 Vulnerability in maven package org.mapfish.print:print-servlet
CVE-2023-29511 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui
CVE-2016-4469 Vulnerability in maven package org.apache.archiva:archiva-webapp