CVE-2021-23414

Publication date

2021-07-28 07:20:11

Family

snyk

State

PUBLISHED

Description

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.