0.001 Low
EPSS
Percentile
41.3%
vega is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via a malicious Vega expression.
github.com/vega/vega/issues/3018
github.com/vega/vega/pull/3019
github.com/vega/vega/releases/tag/v5.17.3
github.com/vega/vega/security/advisories/GHSA-r2qc-w64x-6j54
www.npmjs.com/package/vega