NodeJS/backbone/0.1.1


Give your JS App some Backbone with Models, Views, Collections, and Events.

https://www.npmjs.com/package/backbone
MIT

2 Security Vulnerabilities

Cross-Site Scripting in backbone

Published date: 2019-02-18T23:39:55Z
CVE: CVE-2016-10537

Affected versions of backbone are vulnerable to cross-site scripting when users are allowed to supply input to the Model#Escape function, and the output is then written to the DOM.

The vulnerability occurs because the regular expression used to encode metacharacters fails to take HTML entities such as &#60; (the numeric entity for <) into account.

Recommendation

Update to version 0.5.0 or later.

Affected versions: ["0.3.2", "0.3.3", "0.1.1", "0.1.2", "0.2.0", "0.3.0", "0.3.1"]
Secure versions: [0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.9.0, 0.9.1, 0.9.10, 0.9.2, 0.9.9, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1]
Recommendation: Update to version 1.6.1.

Cross Site Scripting

Published date: 2016-05-23
CVSS Score: 6.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Coordinating vendor: ^Lift Security

backbone is a module that adds structure to a JavaScript-heavy application through key-value pairs and custom events, connecting to your RESTful API through JSON.

There exists a potential Cross Site Scripting vulnerability in the Model#Escape function if a user is able to supply input.

This occurs because the regex that performs the replacement does not account for the conversion of entities such as &#60; to <.

Affected versions: ["0.1.1", "0.1.2", "0.2.0", "0.3.0", "0.3.1", "0.3.2", "0.3.3"]
Secure versions: [0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.9.0, 0.9.1, 0.9.10, 0.9.2, 0.9.9, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1]
Recommendation: Upgrade to at least version 0.5.0

32 Other Versions

| Version | License | Security | Released |
|---------|---------|----------|----------|
| 1.6.1 | MIT | | 2025-04-01 - 11:05 3 months |
| 1.6.0 | MIT | | 2024-02-05 - 21:19 over 1 year |
| 1.5.0 | MIT | | 2023-07-28 - 16:05 almost 2 years |
| 1.4.1 | MIT | | 2022-02-26 - 00:30 over 3 years |
| 1.4.0 | MIT | | 2019-02-19 - 18:31 over 6 years |
| 1.3.3 | MIT | | 2016-04-05 - 17:45 over 9 years |
| 1.3.2 | MIT | | 2016-03-12 - 17:11 over 9 years |
| 1.3.1 | MIT | | 2016-03-04 - 03:07 over 9 years |
| 1.2.3 | MIT | | 2015-09-03 - 15:56 almost 10 years |
| 1.2.2 | MIT | | 2015-08-19 - 19:05 almost 10 years |
| 1.2.1 | MIT | | 2015-06-04 - 22:09 about 10 years |
| 1.2.0 | MIT | | 2015-05-13 - 22:06 about 10 years |
| 1.1.2 | MIT | | 2014-02-20 - 21:32 over 11 years |
| 1.1.1 | MIT | | 2014-02-13 - 19:57 over 11 years |
| 1.1.0 | MIT | | 2013-10-11 - 01:05 almost 12 years |
| 1.0.0 | MIT | | 2013-03-20 - 12:16 over 12 years |
| 0.9.10 | MIT | | 2013-01-15 - 20:33 over 12 years |
| 0.9.9 | MIT | | 2012-12-13 - 22:48 over 12 years |
| 0.9.2 | MIT | | 2012-03-21 - 18:57 over 13 years |
| 0.9.1 | MIT | | 2012-02-02 - 21:55 over 13 years |
| 0.9.0 | MIT | | 2012-01-30 - 21:25 over 13 years |
| 0.5.3 | MIT | | 2011-08-09 - 14:39 almost 14 years |
| 0.5.2 | MIT | | 2011-07-26 - 17:32 almost 14 years |
| 0.5.1 | MIT | | 2011-07-05 - 14:00 about 14 years |
| 0.5.0 | MIT | | 2011-07-01 - 17:58 about 14 years |
| 0.3.3 | MIT | 2 | 2011-07-01 - 17:58 about 14 years |
| 0.3.2 | MIT | 2 | 2011-07-01 - 17:58 about 14 years |
| 0.3.1 | MIT | 2 | 2011-07-01 - 17:58 about 14 years |
| 0.3.0 | MIT | 2 | 2011-07-01 - 17:58 about 14 years |
| 0.2.0 | MIT | 2 | 2011-07-01 - 17:58 about 14 years |
| 0.1.2 | MIT | 2 | 2011-07-01 - 17:58 about 14 years |
| 0.1.1 | MIT | 2 | 2011-07-01 - 17:58 about 14 years |