Arbitrary Code Injection
Affecting jstree package, versions <3.3.7
jstree is a jquery plugin, that provides interactive trees.
Affected versions of this package are vulnerable to Arbitrary Code Injection attacks due to using the
eval() function in an insecure manner.
jstree to version 3.3.7 or higher.
Do your applications use this vulnerable package?
- Dusan Vuckovic
- Snyk ID
- 15 Oct, 2018
- 21 Oct, 2018