Lucene search
PRIOn knowledge basePRION:CVE-2022-36036HistoryAug 29, 2022 - 6:15 p.m.
Code injection
2022-08-2918:15:00
PRIOn knowledge base
www.prio-n.com
3
mdx-mermaid
code injection
javascript injection
vulnerability
patch
mdxjs
0.0005 Low
EPSS
Percentile
17.8%
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mdx-mermaid | ge | 0.0.1 | |
| mdx-mermaid | lt | 1.3.0 | |
| mdx-mermaid | eq | 2.0.0 rc1 |
Related
nvd
nvd
CVE-2022-36036
2022-08-29 18:15:09
veracode
veracode
Code Injection
2022-08-30 07:20:49
osv
osv
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
2022-08-31 22:26:11
CVE-2022-36036
2022-08-29 18:15:09
cvelist
cvelist
cve
cve
CVE-2022-36036
2022-08-29 18:15:09
github
github
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
2022-08-31 22:26:11