NodeJS/backbone/0.1.2
Give your JS App some Backbone with Models, Views, Collections, and Events.
https://www.npmjs.com/package/backbone
MIT
2 Security Vulnerabilities
Cross-Site Scripting in backbone
- https://nvd.nist.gov/vuln/detail/CVE-2016-10537
- https://github.com/advisories/GHSA-j6p2-cx3w-6jcp
- https://github.com/jashkenas/backbone/commit/0cdc525961d3fa98e810ffae6bcc8e3838e36d93
- https://backbonejs.org/#changelog
- https://www.npmjs.com/advisories/108
- https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008
- https://nodesecurity.io/advisories/108
Affected versions of backbone are vulnerable to cross-site scripting when users are allowed to supply input to the Model#Escape function, and the output is then written to the DOM.
The vulnerability occurs as a result of the regular expression used to encode metacharacters failing to take HTML Entities such as &lt; into account.
Recommendation
Update to version 0.5.0 or later.
Cross Site Scripting
backbone is a module that adds structure to a JavaScript-heavy application through key-value pairs and custom events, connecting to your RESTful API through JSON.
There exists a potential Cross Site Scripting vulnerability in the Model#Escape function if a user is able to supply input.
This is because the regex that performs the replacement misses the conversion of characters such as < to &lt;.
31 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
0.1.1 | MIT | 2 | 2011-07-01 - 17:58 | almost 13 years |
0.1.2 | MIT | 2 | 2011-07-01 - 17:58 | almost 13 years |
0.2.0 | MIT | 2 | 2011-07-01 - 17:58 | almost 13 years |
0.3.0 | MIT | 2 | 2011-07-01 - 17:58 | almost 13 years |
0.3.1 | MIT | 2 | 2011-07-01 - 17:58 | almost 13 years |
0.3.2 | MIT | 2 | 2011-07-01 - 17:58 | almost 13 years |
0.3.3 | MIT | 2 | 2011-07-01 - 17:58 | almost 13 years |
0.5.0 | MIT | | 2011-07-01 - 17:58 | almost 13 years |
0.5.1 | MIT | | 2011-07-05 - 14:00 | almost 13 years |
0.5.2 | MIT | | 2011-07-26 - 17:32 | almost 13 years |
0.5.3 | MIT | | 2011-08-09 - 14:39 | almost 13 years |
0.9.0 | MIT | | 2012-01-30 - 21:25 | over 12 years |
0.9.1 | MIT | | 2012-02-02 - 21:55 | over 12 years |
0.9.2 | MIT | | 2012-03-21 - 18:57 | about 12 years |
0.9.9 | MIT | | 2012-12-13 - 22:48 | over 11 years |
0.9.10 | MIT | | 2013-01-15 - 20:33 | over 11 years |
1.0.0 | MIT | | 2013-03-20 - 12:16 | about 11 years |
1.1.0 | MIT | | 2013-10-11 - 01:05 | over 10 years |
1.1.1 | MIT | | 2014-02-13 - 19:57 | about 10 years |
1.1.2 | MIT | | 2014-02-20 - 21:32 | about 10 years |
1.2.0 | MIT | | 2015-05-13 - 22:06 | almost 9 years |
1.2.1 | MIT | | 2015-06-04 - 22:09 | almost 9 years |
1.2.2 | MIT | | 2015-08-19 - 19:05 | over 8 years |
1.2.3 | MIT | | 2015-09-03 - 15:56 | over 8 years |
1.3.1 | MIT | | 2016-03-04 - 03:07 | about 8 years |
1.3.2 | MIT | | 2016-03-12 - 17:11 | about 8 years |
1.3.3 | MIT | | 2016-04-05 - 17:45 | about 8 years |
1.4.0 | MIT | | 2019-02-19 - 18:31 | about 5 years |
1.4.1 | MIT | | 2022-02-26 - 00:30 | about 2 years |
1.5.0 | MIT | | 2023-07-28 - 16:05 | 10 months |
1.6.0 | MIT | | 2024-02-05 - 21:19 | 3 months |