USN-8194-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-8194-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8194-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-8194-1
Upstream
Published
2026-04-21T17:25:51Z
Modified
2026-04-24T10:25:40.206469Z
Summary
php-league-commonmark vulnerabilities
Details

It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. An attacker could possibly use this issue to cause cross-site scripting by injecting malicious code into rendered HTML. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-46734)

It was discovered that league/commonmark did not properly block certain disallowed HTML tags in some cases. An attacker could possibly use this issue to cause cross-site scripting by inserting malicious HTML that bypassed filtering. (CVE-2026-30838)

It was discovered that league/commonmark did not properly enforce domain allowlist checks in the Embed extension. An attacker could possibly use this issue to bypass domain restrictions and cause untrusted content to be treated as allowed. This issue only affected Ubuntu 24.04 LTS. (CVE-2026-33347)

References

Affected packages

Ubuntu:Pro:20.04:LTS / php-league-commonmark

Package

Name
php-league-commonmark
Purl
pkg:deb/ubuntu/php-league-commonmark@1.3.1-1ubuntu2+esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-1ubuntu2+esm1

Affected versions

1.*
1.1.2-1
1.2.0-1
1.3.0-1
1.3.1-1
1.3.1-1ubuntu2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-league-commonmark",
            "binary_version": "1.3.1-1ubuntu2+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8194-1.json"
cves_map 
{
    "cves": [],
    "ecosystem": "Ubuntu:Pro:20.04:LTS"
}

Ubuntu:Pro:22.04:LTS / php-league-commonmark

Package

Name
php-league-commonmark
Purl
pkg:deb/ubuntu/php-league-commonmark@1.6.7-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.7-1ubuntu0.1~esm1

Affected versions

1.*
1.5.7-2build1
1.6.6-1build1
1.6.7-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-league-commonmark",
            "binary_version": "1.6.7-1ubuntu0.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8194-1.json"
cves_map 
{
    "cves": [],
    "ecosystem": "Ubuntu:Pro:22.04:LTS"
}

Ubuntu:Pro:24.04:LTS / php-league-commonmark

Package

Name
php-league-commonmark
Purl
pkg:deb/ubuntu/php-league-commonmark@2.4.2-2ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2-2ubuntu0.1~esm1

Affected versions

2.*
2.3.9-1
2.4.1-1
2.4.2-1
2.4.2-2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-league-commonmark",
            "binary_version": "2.4.2-2ubuntu0.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8194-1.json"
cves_map 
{
    "cves": [],
    "ecosystem": "Ubuntu:Pro:24.04:LTS"
}