React
Security
react-markdown-insecure-html
Overwriting transformLinkUri or transformImageUri to something insecure, or turning allowDangerousHtml on, or turning escapeHtml off, will open the code up to XSS vectors.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
react-insecure-request
Unencrypted request over HTTP detected.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures