3 matches found
CVE-2021-39199
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...
@anemone/newline-use-comments (=3.0.0), @artur0prets/parcel-transformer-remark (=0.0.3) +100 more potentially affected by CVE-2021-39199 via remark-html (>=10.0.0 <=13.0.1)
remark-html NPM version =10.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.1, =0.1.1, =1.0.0, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-18 and more Source cves: CVE-2021-39199 Source advisory: OSV:GHSA-9Q5W-79CV-947M...
CVE-2021-39199 Cross site scripting via unsafe defaults in remark-html
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...