The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2066482]
Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2066483]
https://github.com/braintree/sanitize-url/pull/40
https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:5069 https://access.redhat.com/errata/RHSA-2022:5069
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23648
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057