Description
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
Remediation
References
https://nodesecurity.io/advisories/49
https://hackerone.com/reports/54327
Related Vulnerabilities
CVE-2022-36031 Vulnerability in npm package directus
CVE-2017-12612 Vulnerability in maven package org.apache.spark:spark-core_2.11
CVE-2023-47323 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2020-26945 Vulnerability in maven package org.mybatis:mybatis
CVE-2012-0393 Vulnerability in maven package org.apache.struts.xwork:xwork-core