Lucene search
+L

43 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:52 a.m.6 views

CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1CVSS7.1AI score0.00613EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/10/04 2:2 p.m.390 views

Exploit for CVE-2021-23639

Overview md-to-pdf is a CLI tool for converting Markdown fil...

9.8CVSS7.5AI score0.05329EPSS
Exploits2
Veracode
Veracode
added 2023/01/20 1:18 p.m.21 views

Arbitrary Code Injection

gatsby-transformer-remark is vulnerable to Arbitrary Code Injection. The vulnerability is due to the gray-matter package which is used in parsing and is vulnerable in the default configuration, allowing an attacker to inject and execute unsanitized JavaScript codes...

8.1CVSS5.8AI score0.00613EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/01/13 7:15 p.m.19 views

CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1CVSS8.2AI score0.00613EPSS
Exploits1References1
Prion
Prion
added 2023/01/13 7:15 p.m.19 views

Design/Logic Flaw

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

4.9CVSS5.6AI score0.00613EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/13 7:15 p.m.5 views

UBUNTU-CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1CVSS5.7AI score0.00613EPSS
Exploits1References2
CVE
CVE
added 2023/01/13 6:5 p.m.325 views

CVE-2023-22491

The CVE-2023-22491 entry concerns the Gatsby gatsby-transformer-remark plugin, affected in versions prior to 5.25.1 and 6.3.2. The vulnerability arises when the plugin passes input to gray-matter in data mode, allowing JavaScript injection in its default configuration if input is not sanitized; i...

8.1CVSS6.4AI score0.00613EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/01/13 12:0 a.m.30 views

CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1CVSS6.5AI score0.00613EPSS
Exploits1References1
OSV
OSV
added 2023/01/11 6:27 p.m.27 views

GHSA-7CH4-RR99-CQCW gatsby-transformer-remark has possible unsanitized JavaScript code injection

Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when...

8.1CVSS6.7AI score0.00613EPSS
Exploits1References3
NVD
NVD
added 2022/06/10 8:15 p.m.15 views

CVE-2022-25863

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...

9.8CVSS0.01865EPSS
Exploits1References4
Prion
Prion
added 2022/06/10 8:15 p.m.16 views

Deserialization of untrusted data

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...

7.5CVSS9.3AI score0.01865EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/10 8:0 p.m.5 views

CVE-2022-25863

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...

9.8CVSS7.2AI score0.01865EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.5 views

gatsby 代码问题漏洞

gatsby is a software application. A free open source framework based on React that helps developers build extremely fast websites and applications. A security vulnerability exists in the gatsby plugin mdx versions 2.14.1 and earlier, 3.15.2 and earlier, which stems from vulnerability to...

9.8CVSS8.4AI score0.01865EPSS
Exploits1References5
OSV
OSV
added 2022/06/03 10:32 p.m.21 views

GHSA-MJ46-R4GR-5X83 Unsanitized JavaScript code injection possible in gatsby-plugin-mdx

Impact The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present when passing input in both webpack MDX fil...

8.1CVSS5.8AI score0.01865EPSS
Exploits1References7
Snyk
Snyk
added 2022/02/18 1:41 p.m.7 views

Deserialization of Untrusted Data

Overview gatsby-plugin-mdx is a MDX integration for Gatsby Affected versions of this package are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this...

9.8CVSS6.7AI score0.01865EPSS
Exploits1References2
OSV
OSV
added 2021/12/16 2:34 p.m.841 views

GHSA-X949-7CM6-FM6P Code Injection in md-to-pdf.

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

9.8CVSS9.7AI score0.05329EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2021/12/16 2:34 p.m.243 views

Code Injection in md-to-pdf.

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

9.8CVSS5.4AI score0.05329EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2021/12/10 8:15 p.m.29 views

CVE-2021-23639

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

9.8CVSS0.05329EPSS
Exploits2References3
OSV
OSV
added 2021/12/10 8:15 p.m.27 views

CVE-2021-23639

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

9.8CVSS7.4AI score
Exploits0References3
Prion
Prion
added 2021/12/10 8:15 p.m.31 views

Remote code execution

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

7.5CVSS9.7AI score0.05329EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder