Description
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
Remediation
References
https://hackerone.com/reports/54327
https://nodesecurity.io/advisories/49
Related Vulnerabilities
CVE-2022-31129 Vulnerability in maven package org.webjars.npm:moment
CVE-2022-0350 Vulnerability in npm package vditor
CVE-2022-29252 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
CVE-2021-22696 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-oauth2
CVE-2018-3721 Vulnerability in npm package lodash.defaultsdeep