Description
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.
Remediation
References
https://hackerone.com/reports/331110