This repository has been archived by the owner on Aug 5, 2024. It is now read-only.
markdown-to-jsx-6.10.3.tgz: 1 vulnerabilities (highest severity is: 6.5) #39
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Vulnerable Library - markdown-to-jsx-6.10.3.tgz
Convert markdown to JSX with ease for React and React-like projects. Super lightweight and highly configurable.
Library home page: https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-6.10.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/markdown-to-jsx/package.json
Found in HEAD commit: 7b22d0a7359c50785295f4edb6dc17a5631e26e0
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2020-0103
Vulnerable Library - markdown-to-jsx-6.10.3.tgz
Convert markdown to JSX with ease for React and React-like projects. Super lightweight and highly configurable.
Library home page: https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-6.10.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/markdown-to-jsx/package.json
Dependency Hierarchy:
Found in HEAD commit: 7b22d0a7359c50785295f4edb6dc17a5631e26e0
Found in base branch: main
Vulnerability Details
Versions of markdown-to-jsx prior to 6.11.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded payload.
Publish Date: 2020-05-20
URL: WS-2020-0103
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-05-20
Fix Resolution: 6.11.4
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: