Deno Doc DC-2024-53599 (Low)

2024-11-25

Platform: deno_doc

Version: All versions before a fix is released

Vulnerability: Cross-site Scripting (XSS)

Severity: Low

Date: November 25, 2024

What Undercode Says:

Deno Doc, a documentation generator for Deno code, contained two XSS vulnerabilities that could potentially be exploited when HTML output is generated with `deno doc --html`. These vulnerabilities would only impact users who generate documentation locally that is not intended for a public-facing website.

Vulnerability 1: The generated `search_index.js` file used `innerHTML` on unsanitized user input. This could allow for script injection if the user provided malicious code.
Vulnerability 2: Deno Doc did not sanitize property, method, and enum names within the generated documentation. This could potentially allow for a more complex XSS attack but is considered low risk due to the expected use case.
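
The pattern behind both vulnerabilities, shown as an added example that is not deno_doc's own code: source-derived names concatenated into markup, beside an escaped form and a heuristic check for generated output. All function names and the sample entries are constructed for illustration.

```javascript
// Added illustration; not deno_doc's code. All names and sample data are constructed.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that can change HTML structure.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern described in the advisory: names taken from the documented source
// are concatenated into markup that is later assigned to innerHTML.
function renderEntryUnsafe(entry) {
  return `<li><span class="kind">${entry.kind}</span> ${entry.name}</li>`;
}

// Hardened form: every source-derived value is escaped before it joins markup.
// In browser code, creating elements and setting textContent achieves the same.
function renderEntrySafe(entry) {
  return `<li><span class="kind">${escapeHtml(entry.kind)}</span> ${escapeHtml(entry.name)}</li>`;
}

// Heuristic check for generated output: report names containing angle
// brackets that appear verbatim (unescaped) in the rendered HTML.
function findUnescapedNames(html, names) {
  return names.filter((n) => /[<>]/.test(n) && html.includes(n));
}

// Constructed sample: one property name that carries markup, one ordinary method name.
const SAMPLE_ENTRIES = [
  { kind: "property", name: "<img src=x onerror=alert(1)>" },
  { kind: "method", name: "toString" },
];
const SAMPLE_NAMES = SAMPLE_ENTRIES.map((e) => e.name);

const unsafeHtml = SAMPLE_ENTRIES.map(renderEntryUnsafe).join("");
const safeHtml = SAMPLE_ENTRIES.map(renderEntrySafe).join("");

console.log("unescaped in unsafe output:", findUnescapedNames(unsafeHtml, SAMPLE_NAMES));
console.log("unescaped in safe output:", findUnescapedNames(safeHtml, SAMPLE_NAMES));
```
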

Recommendation:

Update Deno Doc to the latest version once a fix is available.

Additional Notes:

This vulnerability is considered low risk because the expected use of `deno doc --html` is local documentation generation. However, it's still recommended to update to the latest version of Deno Doc once a fix is released.

References:

Reported By: Github.com
Undercode AI: https://ai.undercodetesting.com
