CVE-2017-1000043

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control

Date published : 2017-07-13

https://nodesecurity.io/advisories/74

https://hackerone.com/reports/99245