This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| bootstrap-table(npm) | 0 | N/A | N/A |
CVSS Metrics
