VDB
EN
HIGH 7.8

PYSEC-2026-2060

ydata cross-site scripting

상세

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ydata-profiling
최초 영향 버전: 3.7.0

No fixed version published yet for ydata-profiling (pip). Pin to a known-safe version or switch to an alternative.

참고