sitemap is vulnerable to Improper Input Validation
75
High Risk
Affected versions of this package are vulnerable to protocol injection because URL validation is insufficient: it does not reject URLs that use protocols such as javascript:, data:, file:, and ftp:. When the application processes untrusted input, an attacker can craft URLs that bypass security measures, potentially leading to arbitrary code execution in the user's browser or unauthorized access to local files. Exploitation occurs when an attacker submits a manipulated URL that uses one of these protocols; because HTTP/HTTPS is not enforced and the URL format is not properly validated, the attacker may compromise system integrity or steal sensitive data.
You are affected if you are using a version that falls within the vulnerable range.
sitemap is vulnerable to Improper Input Validation in versions 7.1.0 - 8.0.2.
Upgrade the sitemap library to the patched version.
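As defense in depth alongside the upgrade, untrusted URLs can be checked against an http/https allowlist before they are handed to the sitemap generator. The following is an added example, not code from the sitemap project; the function names `validateSitemapUrl` and `partitionSitemapUrls`, the 2,048-character limit (taken from the sitemaps.org protocol) and the sample inputs are assumptions made here.

```javascript
// Added example: allowlist check for URLs before they reach a sitemap generator.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);
const MAX_LOC_LENGTH = 2048; // assumption: sitemaps.org limit for <loc>

// Returns { ok: true, url } with the normalized URL, or { ok: false, reason }.
function validateSitemapUrl(input) {
  if (typeof input !== "string") return { ok: false, reason: "not a string" };
  let parsed;
  try {
    // No base URL is passed, so relative and scheme-less input throws here.
    parsed = new URL(input);
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  // The parser lowercases the scheme and strips leading whitespace, so
  // " JaVaScRiPt:..." is compared as "javascript:".
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `protocol ${parsed.protocol} not allowed` };
  }
  if (parsed.href.length >= MAX_LOC_LENGTH) {
    return { ok: false, reason: "too long" };
  }
  return { ok: true, url: parsed.href };
}

// Splits a batch of untrusted inputs into URLs safe to emit and rejects to log.
function partitionSitemapUrls(inputs) {
  const accepted = [];
  const rejected = [];
  for (const input of inputs) {
    const result = validateSitemapUrl(input);
    if (result.ok) accepted.push(result.url);
    else rejected.push({ input, reason: result.reason });
  }
  return { accepted, rejected };
}

// Constructed sample input, not taken from the advisory.
const SAMPLE_INPUTS = [
  "https://example.com/products?id=1",
  "http://example.com",
  "javascript:void(0)",
  " JaVaScRiPt:void(0)",
  "data:text/plain,hello",
  "file:///tmp/report.txt",
  "ftp://example.com/file.txt",
  "/relative/path",
  "//example.com/protocol-relative",
];
console.log(partitionSitemapUrls(SAMPLE_INPUTS));
```

Logging the rejected entries with their reasons gives a record of submissions that attempted a non-HTTP scheme.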