NodeJS/quill/0.19.2

Your powerful, rich text editor

https://www.npmjs.com/package/quill
BSD-3-Clause

2 Security Vulnerabilities

Cross-site Scripting in quill

Published date: 2021-05-10T15:38:12Z
CVE: CVE-2021-3163
Links:

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. No patch exists and no further releases are planned.

This CVE is disputed. Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser. More information can be found here.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.1.4", "0.1.5", "0.1.5-1", "0.19.0", "0.19.1", "0.19.2", "0.19.3", "0.19.4", "0.19.5", "0.19.7", "0.19.8", "0.19.10", "0.19.11", "0.19.12", "0.19.14", "0.20.0", "0.20.1", "1.0.0-beta.0", "1.0.0-beta.1", "1.0.0-beta.2", "1.0.0-beta.3", "1.0.0-beta.4", "1.0.0-beta.5", "1.0.0-beta.6", "1.0.0-beta.8", "1.0.0-beta.9", "1.0.0-beta.10", "1.0.0-beta.11", "1.0.0-rc.0", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0-rc.3", "1.0.0-rc.4", "1.0.0", "1.0.2", "1.0.3", "1.0.4", "1.0.6", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "1.1.9", "1.1.10", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.3.7"]
Secure versions: [2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, 2.0.0-rc.0, 2.0.0-rc.1, 2.0.0-rc.2, 2.0.0-rc.3, 2.0.0-rc.4, 2.0.0-rc.5, 2.0.0, 2.0.1, 2.0.2]
Recommendation: Update to version 2.0.2.

Reverse Tabnabbing in quill

Published date: 2020-09-03T17:19:09Z
Links:

Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.1.4", "0.1.5", "0.1.5-1", "0.19.0", "0.19.1", "0.19.2", "0.19.3", "0.19.4", "0.19.5", "0.19.7", "0.19.8", "0.19.10", "0.19.11", "0.19.12", "0.19.14", "0.20.0", "0.20.1", "1.0.0-beta.0", "1.0.0-beta.1", "1.0.0-beta.2", "1.0.0-beta.3", "1.0.0-beta.4", "1.0.0-beta.5", "1.0.0-beta.6", "1.0.0-beta.8", "1.0.0-beta.9", "1.0.0-beta.10", "1.0.0-beta.11", "1.0.0-rc.0", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0-rc.3", "1.0.0-rc.4", "1.0.0", "1.0.2", "1.0.3", "1.0.4", "1.0.6", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "1.1.9", "1.1.10", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6"]
Secure versions: [2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, 2.0.0-rc.0, 2.0.0-rc.1, 2.0.0-rc.2, 2.0.0-rc.3, 2.0.0-rc.4, 2.0.0-rc.5, 2.0.0, 2.0.1, 2.0.2]
Recommendation: Update to version 2.0.2.

78 Other Versions

Version License Security Released
0.1.0 BSD-3-Clause 2 2012-03-25 - 16:10 over 12 years
0.1.1 BSD-3-Clause 2 2012-03-25 - 16:12 over 12 years
0.1.2 BSD-3-Clause 2 2012-03-25 - 16:20 over 12 years
0.1.4 BSD-3-Clause 2 2012-03-25 - 17:02 over 12 years
0.1.5 BSD-3-Clause 2 2012-03-27 - 21:12 over 12 years
0.1.5-1 BSD-3-Clause 2 2012-03-28 - 00:37 over 12 years
0.19.0 BSD-3-Clause 2 2014-11-07 - 05:15 about 10 years
0.19.1 BSD-3-Clause 2 2014-11-07 - 18:41 about 10 years
0.19.2 BSD-3-Clause 2 2014-11-08 - 01:55 about 10 years
0.19.3 BSD-3-Clause 2 2014-11-10 - 03:03 about 10 years
0.19.4 BSD-3-Clause 2 2014-11-16 - 22:53 almost 10 years
0.19.5 BSD-3-Clause 2 2014-11-24 - 00:41 almost 10 years
0.19.7 BSD-3-Clause 2 2014-11-25 - 02:30 almost 10 years
0.19.8 BSD-3-Clause 2 2014-12-09 - 06:20 almost 10 years
0.19.10 BSD-3-Clause 2 2015-03-20 - 07:26 over 9 years
0.19.11 BSD-3-Clause 2 2015-04-25 - 23:59 over 9 years
0.19.12 BSD-3-Clause 2 2015-05-08 - 23:31 over 9 years
0.19.14 BSD-3-Clause 2 2015-06-16 - 23:52 over 9 years
0.20.0 BSD-3-Clause 2 2015-07-27 - 23:01 over 9 years
0.20.1 BSD-3-Clause 2 2015-11-11 - 07:53 almost 9 years
1.0.0-beta.0 BSD-3-Clause 2 2016-05-03 - 19:18 over 8 years
1.0.0-beta.1 BSD-3-Clause 2 2016-05-10 - 00:53 over 8 years
1.0.0-beta.2 BSD-3-Clause 2 2016-05-15 - 05:08 over 8 years
1.0.0-beta.3 BSD-3-Clause 2 2016-05-25 - 03:36 over 8 years
1.0.0-beta.4 BSD-3-Clause 2 2016-06-03 - 05:56 over 8 years
1.0.0-beta.5 BSD-3-Clause 2 2016-06-14 - 02:41 over 8 years
1.0.0-beta.6 BSD-3-Clause 2 2016-06-21 - 00:20 over 8 years
1.0.0-beta.8 BSD-3-Clause 2 2016-07-08 - 04:54 over 8 years
1.0.0-beta.9 BSD-3-Clause 2 2016-07-19 - 00:24 over 8 years
1.0.0-beta.10 BSD-3-Clause 2 2016-08-03 - 03:26 over 8 years
1.0.0-beta.11 BSD-3-Clause 2 2016-08-03 - 21:10 over 8 years
1.0.0-rc.0 BSD-3-Clause 2 2016-08-18 - 07:19 about 8 years
1.0.0-rc.1 BSD-3-Clause 2 2016-08-23 - 05:39 about 8 years
1.0.0-rc.2 BSD-3-Clause 2 2016-08-23 - 22:00 about 8 years
1.0.0-rc.3 BSD-3-Clause 2 2016-08-29 - 23:08 about 8 years
1.0.0-rc.4 BSD-3-Clause 2 2016-08-31 - 18:34 about 8 years
1.0.0 BSD-3-Clause 2 2016-09-06 - 16:01 about 8 years
1.0.2 BSD-3-Clause 2 2016-09-07 - 07:03 about 8 years
1.0.3 BSD-3-Clause 2 2016-09-07 - 22:38 about 8 years
1.0.4 BSD-3-Clause 2 2016-09-19 - 01:01 about 8 years
1.0.6 BSD-3-Clause 2 2016-09-30 - 00:03 about 8 years
1.1.0 BSD-3-Clause 2 2016-10-17 - 03:13 about 8 years
1.1.1 BSD-3-Clause 2 2016-10-21 - 00:57 about 8 years
1.1.2 BSD-3-Clause 2 2016-10-24 - 00:37 about 8 years
1.1.3 BSD-3-Clause 2 2016-10-24 - 21:00 about 8 years
1.1.5 BSD-3-Clause 2 2016-11-07 - 22:57 about 8 years
1.1.6 BSD-3-Clause 2 2016-12-08 - 18:36 almost 8 years
1.1.7 BSD-3-Clause 2 2016-12-13 - 08:45 almost 8 years
1.1.8 BSD-3-Clause 2 2016-12-23 - 09:10 almost 8 years
1.1.9 BSD-3-Clause 2 2017-01-02 - 04:54 almost 8 years
1.1.10 BSD-3-Clause 2 2017-01-16 - 01:22 almost 8 years
1.2.0 BSD-3-Clause 2 2017-01-21 - 09:21 almost 8 years
1.2.1 BSD-3-Clause 2 2017-02-27 - 05:10 over 7 years
1.2.2 BSD-3-Clause 2 2017-02-27 - 09:28 over 7 years
1.2.3 BSD-3-Clause 2 2017-03-29 - 04:14 over 7 years
1.2.4 BSD-3-Clause 2 2017-04-18 - 03:44 over 7 years
1.2.5 BSD-3-Clause 2 2017-05-29 - 04:56 over 7 years
1.2.6 BSD-3-Clause 2 2017-06-05 - 17:21 over 7 years
1.3.0 BSD-3-Clause 2 2017-07-17 - 06:03 over 7 years
1.3.1 BSD-3-Clause 2 2017-08-07 - 09:04 over 7 years
1.3.2 BSD-3-Clause 2 2017-09-04 - 03:18 about 7 years
1.3.3 BSD-3-Clause 2 2017-10-09 - 06:02 about 7 years
1.3.4 BSD-3-Clause 2 2017-11-06 - 07:36 about 7 years
1.3.5 BSD-3-Clause 2 2018-01-22 - 19:24 almost 7 years
1.3.6 BSD-3-Clause 2 2018-03-12 - 06:39 over 6 years
1.3.7 BSD-3-Clause 1 2019-09-09 - 07:15 about 5 years
2.0.0-beta.0 BSD-3-Clause 2023-12-08 - 01:40 11 months
2.0.0-beta.1 BSD-3-Clause 2024-01-21 - 14:50 10 months
2.0.0-beta.2 BSD-3-Clause 2024-01-30 - 10:38 10 months
2.0.0-rc.0 BSD-3-Clause 2024-02-03 - 06:08 9 months
2.0.0-rc.1 BSD-3-Clause 2024-02-12 - 04:37 9 months
2.0.0-rc.2 BSD-3-Clause 2024-02-15 - 08:05 9 months
2.0.0-rc.3 BSD-3-Clause 2024-03-16 - 02:46 8 months
2.0.0-rc.4 BSD-3-Clause 2024-03-24 - 04:43 8 months
2.0.0-rc.5 BSD-3-Clause 2024-04-04 - 13:36 7 months
2.0.0 BSD-3-Clause 2024-04-17 - 00:45 7 months
2.0.1 BSD-3-Clause 2024-05-01 - 09:11 6 months
2.0.2 BSD-3-Clause 2024-05-13 - 06:46 6 months