coverage is vulnerable to Cross-Site Scripting (XSS)
76
High Risk
When coverage generates an HTML report with show_contexts enabled, it embeds context labels into the report without sufficient HTML escaping. A crafted context label can break out of its enclosing inline element and inject arbitrary markup into the generated report. Any user who opens the HTML report in a browser is exposed to the injected content. The fix fully HTML-escapes context labels before embedding them into the report.
You are affected if you are using a version that falls within the vulnerable range.
coverage is vulnerable to Cross-Site Scripting (XSS) in versions 7.2.3 - 7.15.0.
Upgrade the coverage library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant