CVE-2022-0177
Cross-site Scripting (XSS) – DOM in GitHub repository mrdoob/three.js prior to 0.137.0.
Date published : 2022-01-24
https://huntr.dev/bounties/16901080-99b4-4fb5-8c5b-931bfbf33cba
https://github.com/mrdoob/three.js/commit/0c31bc605e21965aad8a6479bb1969351773f76d