Vulnerability found by Webstorm through Mend.io and NPM

[TheDogHusky]

Hey!

I have no idea if this is a false positive.
I recently had both NPM and Webstorm tell me Showdown version 2.1.0 had a vulnerability.

https://safe.classydev.fr/webstorm64_1_Pbxu_M_Red1-RkTcocasTmHHiOfzplq6mGBOTYmb9uzr.png
Here is the Mend.io link: https://www.mend.io/vulnerability-database/CVE-2024-1899

Thanks in advance!

Adam

[marcellino-ornelas]

Synk is also reporting the same thing 😃

https://security.snyk.io/vuln/SNYK-JS-SHOWDOWN-8685130

Any ETA on a fix? Sync says that a fix was pushed to your default branch but wasn't published yet 🤔

[kapilshinde2]

Same for me. Snyk reported the security issue and we need to migrate to other package (as per management), if there is no fix soon.