Markdown injection

Reported by Emanuel Bronshtein:

Markdown injection
in:
    https://github.com/phpmyadmin/scripts/blob/master/phpmyadmin-reports#L144
    https://github.com/phpmyadmin/scripts/blob/master/phpmyadmin-reports#L144
commit message & issue title are inserted into markdown link text context without escaping.
sample injection:
    A](https://phishing.com) [t

fix:
    escape needed chars:
        \ ]
    in order to avoid the injection.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Markdown injection #2

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Markdown injection #2

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions