kivikakk / comrak

CommonMark + GFM compatible Markdown parser and renderer

CVE advisory in upstream cmark-gfm #334

Closed gjtorikian closed 1 year ago

gjtorikian commented 1 year ago

https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5

The diff/fix: https://github.com/github/cmark-gfm/compare/0.29.0.gfm.11...0.29.0.gfm.12#diff-013fac9bd58a7cb5ff9ac3b1f3e52ecedea83f1cfeff2ff2e23fdc40f2326cfe

ghost commented 1 year ago

@digitalmoksha If I am not mistaken, #343 fixes this?

digitalmoksha commented 1 year ago

@charlottia yes, #343 fixes the CVE