Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:10 p.m.7 views

CVE-2022-36036

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

7.8CVSS7.6AI score0.00383EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/08/31 10:26 p.m.7 views

@guild-docs/client (>=2.0.0 <=4.0.0-alpha-b500768.0) potentially affected by CVE-2022-36036 via mdx-mermaid (=1.2.2)

mdx-mermaid NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on mdx-mermaid and may be impacted: - @guild-docs/client =2.0.0, =4.0.0-alpha-b500768.0 Source cves: CVE-2022-36036 Source advisory: OSV:GHSA-RVGM-35JW-Q628...

7.8CVSS7.1AI score0.00383EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/08/31 10:26 p.m.41 views

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + function // Put Javascript code here return '' + The block below shows a valid mermaid code block md mermaid graph TD; A--B; A--C;...

7.8CVSS7.6AI score0.00383EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/08/31 10:26 p.m.30 views

GHSA-RVGM-35JW-Q628 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + function // Put Javascript code here return '' + The block below shows a valid mermaid code block md mermaid graph TD; A--B; A--C;...

3.6CVSS5.7AI score0.00383EPSS
Exploits1References4
Veracode
Veracode
added 2022/08/30 7:20 a.m.23 views

Code Injection

mdx-mermaid is vulnerable to code injection. The vulnerability exists in mermaid code blocks due to a lack of input validation allowing an attacker to inject and execute arbitrary codes...

7.8CVSS7.9AI score0.00383EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/08/29 6:15 p.m.37 views

CVE-2022-36036

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

7.8CVSS0.00383EPSS
Exploits1References2
Prion
Prion
added 2022/08/29 6:15 p.m.18 views

Code injection

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

4.3CVSS7.8AI score0.00383EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/29 5:20 p.m.3 views

CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

3.6CVSS8.1AI score0.00383EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/29 5:20 p.m.42 views

CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

3.6CVSS8.1AI score0.00383EPSS
Exploits1References2
CVE
CVE
added 2022/08/29 5:20 p.m.57 views

CVE-2022-36036

**Summary**CVE-2022-36036 affects the mdx-mermaid component, enabling arbitrary JavaScript injection by placing code into mermaid blocks. Versions affected: &lt; 1.3.0 and

7.8CVSS6.2AI score0.00383EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/08/29 5:20 p.m.25 views

CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

3.6CVSS7.8AI score0.00383EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/08/29 12:0 a.m.5 views

PT-2022-23132 · Unknown · Mdx-Mermaid

Name of the Vulnerable Software and Affected Versions: mdx-mermaid versions less than 1.3.0 mdx-mermaid versions 2.0.0-rc1 Description: The issue concerns an arbitrary JavaScript injection potential in mdx-mermaid. This can be exploited by modifying mermaid code blocks with arbitrary code, which...

7.8CVSS7.7AI score0.00383EPSS
Exploits1References7
Rows per page
Query Builder