{"source":1095088,"name":"xmlhttprequest-ssl","dependency":"xmlhttprequest-ssl","title":"xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection","url":"https://github.com/advisories/GHSA-h4j5-c7cj-74xg","severity":"critical","versions":["1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.1","1.6.2","1.6.3","2.0.0","2.1.0","2.1.1","2.1.2","3.0.0","3.1.0"],"vulnerableVersions":["1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.1"],"cwe":["CWE-94"],"cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"range":"<1.6.2","id":"gLvbLJ0i2qohu7Y0ZwckADxuGB4f4dRnW1Gvrv/POtaKkYNZercGJKfOFKfyjQ2ihOpUT+9Mg2xXlZLu2N2Urg=="}