Storybook: Denial of Service and XSS vulnerabilities reported by Snyk

Created on 9 Oct 2020 · 4 Comments · Source: storybookjs/storybook

✗ Denial of Service [Medium Severity][https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311] in [email protected]
introduced by @storybook/[email protected] > @storybook/[email protected] > [email protected] and 2 other path(s)
This issue was fixed in versions: 2.6.1, 3.0.0-beta.9
✗ Cross-site Scripting (XSS) [High Severity][https://snyk.io/vuln/SNYK-JS-PRISMJS-597628] in [email protected]
introduced by @storybook/[email protected] > @storybook/[email protected] > [email protected] > [email protected] > [email protected] and 9 other path(s)
This issue was fixed in versions: 1.21.0

All 4 comments

react-syntax-highlighter should be upgraded to at least 13.3.1. I assume this hasn't been done yet because of the breaking changes introduced in v13.0.0.

react-syntax-highlighter is 13.5.0 in 6.1

Doesn't appear that the addons have been updated, for example:
https://github.com/storybookjs/storybook/blob/master/addons/storysource/package.json
