12 matches found
EUVD-2022-6094
Malicious code in bioql PyPI...
CVE-2022-25863
Versions of the package gatsby-plugin-mdx before 2.14.1, and from 3.0.0 before 3.15.2, are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, because gray-matter's default configuration does not sanitize input. Exploiting this vulnerability is possible whe...
Deserialization of untrusted data
Versions of the package gatsby-plugin-mdx before 2.14.1, and from 3.0.0 before 3.15.2, are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, because gray-matter's default configuration does not sanitize input. Exploiting this vulnerability is possible whe...
CVE-2022-25863
The CVE concerns gatsby-plugin-mdx, which is vulnerable to Deserialization of Untrusted Data when passing input to the gray-matter package. Affected ranges are versions before 2.14.1, and from 3.0.0 up to but not including 3.15.2. The issue arises from default configurations that do not sanitize input, allowing unt...
CVE-2022-25863 Deserialization of Untrusted Data
Versions of the package gatsby-plugin-mdx before 2.14.1, and from 3.0.0 before 3.15.2, are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, because gray-matter's default configuration does not sanitize input. Exploiting this vulnerability is possible whe...
Arbitrary Code Injection
gatsby-plugin-mdx is vulnerable to arbitrary code injection. The vulnerability exists because gatsby-plugin-mdx leaves gray-matter's JavaScript frontmatter engine enabled by default, so untrusted input selecting that engine lets an attacker inject arbitrary code...
@2now/gatsby-theme-minimal-blog (>=1.0.1 <=1.0.15), @2now/gatsby-theme-minimal-blog-core (>=1.0.0 <=1.0.2) +643 more potentially affected by CVE-2022-25863 via gatsby-plugin-mdx (>=1.0.12 <=2.14.0)
gatsby-plugin-mdx NPM version =1.0.12, =1.0.1, =1.0.0, =1.0.0, =2.13.1, =0.0.1, =0.0.2, =1.0.0, =1.0.0, =2.0.1, =0.13.2, =1.0.0, =0.0.8, =0.0.18 - @amberleyromo/gatsby-theme-notes =0.0.1 - @antelopecloud/components =1.0.0-alpha.4.0 and more Source cves: CVE-2022-25863 Source advisory:...
GHSA-MJ46-R4GR-5X83 Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
Impact The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present when passing input in both webpack MDX fil...
@commercetools-docs/gatsby-theme-docs (>=0.0.0-canary-20220509155217 <=19.1.0), @dcl/docs-site (>=1.0.0-3010867520.commit-1740972 <=1.0.0-20220919140413.commit-6dee65c) potentially affected by CVE-2022-25863 via gatsby-plugin-mdx (=3.13.0)
gatsby-plugin-mdx NPM version =3.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-plugin-mdx and may be impacted: - @commercetools-docs/gatsby-theme-docs =0.0.0-canary-20220509155217, =1.0.0-3010867520.commit-1740972,...
Deserialization of Untrusted Data
Overview gatsby-plugin-mdx is a MDX integration for Gatsby Affected versions of this package are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this...
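The entries above all describe one mechanism: gray-matter picks a parsing engine from the language name that follows the opening `---` delimiter, and its default engine table includes a JavaScript engine that evaluates the block, so whoever controls an MDX file's frontmatter controls code that runs at build time. The following is an added example, not code from gray-matter or gatsby-plugin-mdx: a small model of that language-selector dispatch, fed a constructed `---js` document that executes a side effect under the default engine table and is rejected once the `js` and `javascript` engines are replaced with ones that throw. It assumes JSON as the default language in place of gray-matter's YAML so that it runs without a YAML parser; `parseFrontmatter`, `DEFAULT_ENGINES`, `SAFE_ENGINES`, the `__mdxPoc` marker and the sample documents are this example's own.

```javascript
// Added example (not gray-matter's or gatsby-plugin-mdx's code): a minimal
// model of frontmatter parsing where the opening delimiter line chooses the
// engine, showing why a default table containing a JS engine is code
// execution for anyone who controls the file, and how allow-listing engines
// closes it.

const DELIM = "---";

// Engines keyed by the language name after the opening delimiter.
// "js"/"javascript" are the dangerous ones: they evaluate the block as code.
// (Assumption: JSON stands in for gray-matter's YAML default so no YAML
// parser is needed here.)
const DEFAULT_ENGINES = {
  json: (src) => JSON.parse(src),
  js: (src) => new Function(`return (${src});`)(),         // runs attacker text
  javascript: (src) => new Function(`return (${src});`)(), // alias, same risk
};

// Hardened table: data engines only; any request for a code engine throws
// before the block is touched.
const disabled = (name) => () => {
  throw new Error(`frontmatter engine "${name}" is disabled`);
};
const SAFE_ENGINES = {
  json: DEFAULT_ENGINES.json,
  js: disabled("js"),
  javascript: disabled("javascript"),
};

// Parse "---<lang>\n<block>\n---\n<body>" and return { data, content, language }.
// Unknown languages are rejected rather than silently falling back.
function parseFrontmatter(input, engines = DEFAULT_ENGINES, defaultLang = "json") {
  if (!input.startsWith(DELIM)) return { data: {}, content: input, language: null };
  const nl = input.indexOf("\n");
  if (nl === -1) throw new Error("unterminated frontmatter");
  const language = input.slice(DELIM.length, nl).trim() || defaultLang;
  const close = input.indexOf(`\n${DELIM}`, nl + 1);
  if (close === -1) throw new Error("unterminated frontmatter");
  const block = input.slice(nl + 1, close);
  const content = input.slice(close + 1 + DELIM.length).replace(/^\r?\n/, "");
  const engine = engines[language];
  if (!engine) throw new Error(`unknown frontmatter language "${language}"`);
  return { data: engine(block), content, language };
}

// Constructed sample documents. The malicious one selects the JS engine and
// plants a global as an observable side effect; a real payload would run
// whatever Node allows in the build process.
const MALICIOUS_MDX = [
  "---js",
  "{ title: (globalThis.__mdxPoc = 'executed', 'Hello') }",
  "---",
  "",
  "# Body text",
].join("\n");

const BENIGN_MDX = ['---', '{ "title": "Hello" }', '---', '# Body text'].join("\n");

// Default engine table: the frontmatter parses "successfully" and the
// payload has already run by the time we get a result.
function demoVulnerable() {
  delete globalThis.__mdxPoc;
  const result = parseFrontmatter(MALICIOUS_MDX, DEFAULT_ENGINES);
  return { title: result.data.title, executed: globalThis.__mdxPoc === "executed" };
}

// Hardened table: the same document is rejected and nothing runs.
function demoHardened() {
  delete globalThis.__mdxPoc;
  try {
    parseFrontmatter(MALICIOUS_MDX, SAFE_ENGINES);
    return { blocked: false, executed: globalThis.__mdxPoc === "executed" };
  } catch (e) {
    return { blocked: true, executed: globalThis.__mdxPoc === "executed", reason: e.message };
  }
}

console.log("default engines:", demoVulnerable());
console.log("hardened engines:", demoHardened());
console.log("benign document:", parseFrontmatter(BENIGN_MDX, SAFE_ENGINES));
```

Against gray-matter itself the same allow-listing is expressed through its `engines` option, supplying `js` and `javascript` entries that throw instead of evaluating; the point to check in any site that builds from contributor-supplied Markdown or MDX is whether the parser's default engine table still includes a code engine, regardless of which plugin sits in front of it.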