fix org.jsoup:jsoup@1.15.1 vulnerabilities


    • Type: Bug
    • Resolution: Done
    • Priority: Critical
    • Fix Version/s: 5.13.0, 6.0.0
    • Affects Version/s: 5.12.2
    • Component/s: None
    • Labels: None

      Steps to Reproduce

      1. See https://security.snyk.io/package/maven/org.jsoup:jsoup/1.15.1

      Current Result

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of HTML including javascript: URL expressions if the non-default SafeList.preserveRelativeLinks option is enabled and no Content Security Policy is set on the website.

      Expected Result

      Depends on a version without the vulnerability.

      Debug Information

      • How to fix Cross-site Scripting (XSS)?
        Upgrade org.jsoup:jsoup to version 1.15.3 or higher.

            Assignee: jumperchen
            Reporter: hawk
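A build-side check for the fix described in this issue, as an added example (not code from the issue or the project): it scans `mvn dependency:tree` output for resolved `org.jsoup:jsoup` versions below 1.15.3. The sample output and its `com.example` coordinates are constructed for illustration.

```python
import re

FIXED = (1, 15, 3)  # first fixed release named in the advisory text of this issue
COORD = re.compile(r"org\.jsoup:jsoup:[\w.\-:]+")

# Constructed sample: dependency:tree output of two modules, concatenated.
SAMPLE = r"""
[INFO] com.example:module-a:war:1.0.0
[INFO] +- org.jsoup:jsoup:jar:1.15.1:compile
[INFO] \- com.example:lib-a:jar:2.0:compile
[INFO]    \- (org.jsoup:jsoup:jar:1.14.3:compile - omitted for conflict with 1.15.1)
[INFO] com.example:module-b:jar:1.0.0
[INFO] \- com.example:lib-b:jar:3.1:runtime
[INFO]    \- org.jsoup:jsoup:jar:1.15.3:runtime
"""

def parse_version(text):
    """Turn '1.15.1' or '1.15.3-SNAPSHOT' into a comparable tuple of ints."""
    nums = []
    for part in text.split("-")[0].split("."):
        if not part.isdigit():
            break
        nums.append(int(part))
    return tuple(nums)

def jsoup_versions(tree_output):
    """Yield (version, line) for each resolved jsoup coordinate in the output."""
    for line in tree_output.splitlines():
        if "omitted for" in line:  # verbose-mode entry that lost conflict resolution
            continue
        match = COORD.search(line)
        if not match:
            continue
        fields = match.group(0).split(":")
        if len(fields) < 4:
            continue
        # group:artifact:type:version[:scope] or group:artifact:type:classifier:version:scope
        version = fields[4] if len(fields) == 6 else fields[3]
        yield version, line.strip()

def vulnerable_entries(tree_output):
    """Return the (version, line) pairs whose jsoup version is below the fixed release."""
    return [(v, l) for v, l in jsoup_versions(tree_output) if parse_version(v) < FIXED]

if __name__ == "__main__":
    for version, line in vulnerable_entries(SAMPLE):
        print(f"jsoup {version} is below 1.15.3: {line}")
```

An unparseable version string compares as lower than the fixed release, so it is reported rather than silently passed.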