This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.
{ "cwe_ids": [ "CWE-79", "CWE-843" ], "severity": "LOW", "nvd_published_at": "2021-11-03T18:15:00Z", "github_reviewed_at": "2021-11-04T17:00:48Z", "github_reviewed": true }