r-lib / commonmark

High Performance CommonMark and Github Markdown Rendering in R
https://docs.ropensci.org/commonmark/

CVE-2023-26485 #26

Closed charles-plessy closed 5 months ago

charles-plessy commented 12 months ago

Hello, the cmark version in this R package is affected by CVE-2023-26485. I am not sure about the practical impact on the package, but to clear the issue out of the way, would it be possible to upgrade? Thanks!

trbailey326 commented 7 months ago

Is there any ongoing effort to upgrade the cmark version used in this package? I see the vulnerability in cmark was patched in version 0.29.0.gfm.10 - https://www.cve.org/CVERecord?id=CVE-2023-26485.

jeroen commented 7 months ago

Go for it

infotroph commented 5 months ago

Was this fixed in #30?

jeroen commented 5 months ago

Yes, thanks