Описание
Cross-Site Scripting in markdown-to-jsx
Versions of markdown-to-jsx prior to 6.11.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded payload.
Recommendation
Upgrade to version 6.11.4 or later.
Пакеты
Наименование
markdown-to-jsx
npm
Затронутые версииВерсия исправления
< 6.11.4
6.11.4
Дефекты
CWE-79
Дефекты
CWE-79