325 matches found
Arbitrary Code Injection
gatsby-transformer-remark is vulnerable to Arbitrary Code Injection. The vulnerability is due to the gray-matter package, which is used in parsing and is vulnerable in its default configuration, allowing an attacker to inject and execute unsanitized JavaScript code...
CVE-2023-22491
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
Design/Logic Flaw
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
UBUNTU-CVE-2023-22491
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
CVE-2023-22491
The CVE-2023-22491 entry concerns the Gatsby gatsby-transformer-remark plugin, affected in versions prior to 5.25.1 and 6.3.2. The vulnerability arises when the plugin passes input to gray-matter in data mode, allowing JavaScript injection in its default configuration if input is not sanitized; i...
CVE-2023-22491
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
GHSA-7CH4-RR99-CQCW gatsby-transformer-remark has possible unsanitized JavaScript code injection
Impact: The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when...
Troubleshoot Gray or Black Screen
Troubleshooting steps for gray / black screen: Problem| Solution ---|--- Check the event log when gray screen appears or seamless apps fail to launch| Error ID 1002CTX220418 Error ID 1005 and 1003CTX312452 Gray screen when launching Citrix Virtual Desktop with Citrix WEM Service Agent | CTX312240...
CVE-2022-25863
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...
Deserialization of untrusted data
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...
CVE-2022-25863
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...
gatsby Code Issue Vulnerability
gatsby is a software application. A free open source framework based on React that helps developers build extremely fast websites and applications. A security vulnerability exists in the gatsby plugin mdx versions 2.14.1 and earlier, 3.15.2 and earlier, which stems from vulnerability to...
GHSA-MJ46-R4GR-5X83 Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
Impact: The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present when passing input in both webpack MDX fil...
Deserialization of Untrusted Data
Overview: gatsby-plugin-mdx is an MDX integration for Gatsby. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this...
GHSA-X949-7CM6-FM6P Code Injection in md-to-pdf.
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
Code Injection in md-to-pdf.
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
CVE-2021-23639
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
CVE-2021-23639
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
Remote code execution
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
CVE-2021-23639
md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution via gray-matter parsing of front matter without disabling the JS engine. Affected tool is the CLI md-to-pdf (Simonhaenisch) with PoC demonstrations and Snyk/Snyk-like advisories confirming RCE risk. The root cause is executing embedded...