-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cross-site scripting (XSS) vulnerability CVE-2024-37063 #1599
Closed
3 tasks done
Labels
security 👮
Vulerabilities in the codebase
Comments
graingert-coef
added a commit
to graingert-coef/ydata-profiling
that referenced
this issue
Jun 11, 2024
fabclmnt
pushed a commit
to graingert-coef/ydata-profiling
that referenced
this issue
Jul 8, 2024
3 tasks
fabclmnt
added
security 👮
Vulerabilities in the codebase
and removed
needs-triage
labels
Jul 10, 2024
Solved with PR #1626 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Current Behaviour
GHSA-2r57-2mrh-ggjv
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.
References
Expected Behaviour
Secured
Data Description
N/A
Code that reproduces the bug
No response
pandas-profiling version
Dependencies
OS
All OSes
Checklist
The text was updated successfully, but these errors were encountered: