mend-bolt-for-github[bot]
commented
1 year ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
WS-2020-0103 - Medium Severity Vulnerability
Convert markdown to JSX with ease for React and React-like projects. Super lightweight and highly configurable.
Library home page: https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-6.10.3.tgz
Path to dependency file: /frontend/package.json
Path to vulnerable library: /frontend/node_modules/markdown-to-jsx/package.json
Dependency Hierarchy: - :x: **markdown-to-jsx-6.10.3.tgz** (Vulnerable Library)
Found in HEAD commit: 6f7433f006e282c4f25441e7502b80d73751e38f
Found in base branch: master
Versions of markdown-to-jsx prior to 6.11.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded payload.
Publish Date: 2020-05-20
URL: WS-2020-0103
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2020-05-20
Fix Resolution: 6.11.4
Step up your Open Source Security Game with Mend here