Untriaged
CVE-2024-37063
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser.
References
Affected products
ydata-profiling
- =<*
- =<3.7.0
Matching in nixpkgs
pkgs.python312Packages.ydata-profiling
Create HTML profiling reports from Pandas DataFrames
- nixos-unstable -
- nixpkgs-unstable 4.16.1
pkgs.python313Packages.ydata-profiling
Create HTML profiling reports from Pandas DataFrames
- nixos-unstable -
- nixpkgs-unstable 4.16.1
Package maintainers
- @bcdarwin Ben Darwin <bcdarwin@gmail.com>