Potential for Script Injection

Module: syntax-error

Published: July 15th, 2014

Reported by: Cal Leeming

CVE-2014-7192

CWE-94

Vulnerable: < 1.1.1
Patched: >= 1.1.1

Overview

Versions of syntax-error prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified.

Remediation

Update to version 1.1.1 or later.

References

Browserify 4.2.1 Update