This issue has been validated on a live customer website (I am a Penetration Tester), and on a Proof-of-Concept React app.
Due to the potential for exploitation on live websites the payload is not detailed here.
I have reached out directly to @jpuri with the payload and will update the details here when instructed to, or after a reasonable period if responses are not forthcoming.
Feel free to reach out, my goal is to enhance the security of this very useful package.
Thanks!
This issue has been validated on a live customer website (I am a Penetration Tester), and on a Proof-of-Concept React app.
Due to the potential for exploitation on live websites the payload is not detailed here.
I have reached out directly to @jpuri with the payload and will update the details here when instructed to, or after a reasonable period if responses are not forthcoming.
Feel free to reach out, my goal is to enhance the security of this very useful package.
Thanks!