We are using @npmcorp/marky-markdown@12.0.3 in our project and we see there is a critical vulnerability exposed by the dependency sanitize-html@1.27.5.
We are using the Snyk tool to identify vulnerabilities. Here is the Snyk report:
✗ Arbitrary Code Execution [Critical Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892] in sanitize-html@1.27.5
introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.0.0-beta
✗ Validation Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780] in sanitize-html@1.27.5
introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.3.2
✗ Access Restriction Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786] in sanitize-html@1.27.5
introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.3.1
Can you please look into it and upgrade the sanitize-html dependency?
Thanks