4 matches found
CVE-2022-25863
The CVE concerns gatsby-plugin-mdx vulnerable to Deserialization of Untrusted Data when passing input to the gray-matter component. Affected ranges include versions before 2.14.1, from 3.0.0 up to before 3.15.2. The issue arises from default configurations that do not sanitize input, allowing unt...
@2now/gatsby-theme-minimal-blog (>=1.0.1 <=1.0.15), @2now/gatsby-theme-minimal-blog-core (>=1.0.0 <=1.0.2) +642 more potentially affected by CVE-2022-25863 via gatsby-plugin-mdx (>=1.0.12 <=2.14.0)
gatsby-plugin-mdx NPM version =1.0.12, =1.0.1, =1.0.0, =1.0.0, =2.13.1, =0.0.1, =0.0.2, =1.0.0, =1.0.0, =2.0.1, =0.13.2, =1.0.0, =0.0.8, =0.0.18 - @amberleyromo/gatsby-theme-notes =0.0.1 - @antelopecloud/components =1.0.0-alpha.4.0 and more Source cves: CVE-2022-25863 Source advisory:...
@commercetools-docs/gatsby-theme-docs (>=0.0.0-canary-20220509155217 <=19.1.0), @dcl/docs-site (>=1.0.0-3010867520.commit-1740972 <=1.0.0-20220919140413.commit-6dee65c) potentially affected by CVE-2022-25863 via gatsby-plugin-mdx (=3.13.0)
gatsby-plugin-mdx NPM version =3.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-plugin-mdx and may be impacted: - @commercetools-docs/gatsby-theme-docs =0.0.0-canary-20220509155217, =1.0.0-3010867520.commit-1740972,...
@commercetools-docs/gatsby-theme-docs (>=0.0.0-canary-2021630763 <=17.0.9), @zedvision/zedvision-site (>=13.0.5 <=13.0.11) potentially affected by CVE-2022-25863 via gatsby-plugin-mdx (>=2.0.0 <=2.14.0)
gatsby-plugin-mdx NPM version =2.0.0, =0.0.0-canary-2021630763, =13.0.5, =13.0.11 Source cves: CVE-2022-25863 Source advisory: SNYK:JS-GATSBYPLUGINMDX-2405699...