GHSA-mg69-6j3m-jvgw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mg69-6j3m-jvgw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-mg69-6j3m-jvgw/GHSA-mg69-6j3m-jvgw.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-mg69-6j3m-jvgw
- Published
- 2020-09-03T15:45:08Z
- Modified
- 2021-10-04T20:55:27Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- HTML Injection in marky-markdown
- Details
-
All versions of
marky-markdownare vulnerable to HTML Injection. The package fails to sanitizestyleattributes inimgtags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML.Recommendation
This package is no longer maintained. Please upgrade to
@npmcorp/marky-markdown - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-08-31T19:00:28Z" }- References
Affected packages
npm / marky-markdown
Package
- Name
- marky-markdown
- View open source insights on deps.dev
- Purl
- pkg:npm/marky-markdown