GHSA-5ff8-jcf9-fw62

Опубликовано: 04 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in markdown-it-katex

All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Ссылки

https://github.com/waylonflinn/markdown-it-katex/issues/26
https://www.npmjs.com/advisories/1466

Пакеты

Наименование

markdown-it-katex

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

Дефекты

CWE-79

Дефекты

CWE-79