Description
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
Remediation
References
https://nodesecurity.io/advisories/49
https://hackerone.com/reports/54327
Related Vulnerabilities
CVE-2016-6794 Vulnerability in maven package org.apache.tomcat:tomcat-util-scan
CVE-2022-3423 Vulnerability in npm package nocodb
CVE-2018-18854 Vulnerability in maven package io.spray:spray-json
CVE-2020-15999 Vulnerability in npm package electron
CVE-2023-30522 Vulnerability in maven package org.jenkins-ci.plugins:fogbugz