HIGH 7.8
PYSEC-2026-2060
ydata cross-site scripting
상세
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / ydata-profiling
최초 영향 버전:
3.7.0 No fixed version published yet for ydata-profiling (pip). Pin to a known-safe version or switch to an alternative.