5 matches found
CVE-2022-36036
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036
creationtimestamp | type | source
---|---|---
2022-08-29 22:34:26+00:00 | seen | https://t.me/cibsecurity/49003...
CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036
**Summary** CVE-2022-36036 affects the mdx-mermaid component, enabling arbitrary JavaScript injection by placing code into mermaid blocks. Versions affected: < 1.3.0 and
CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...