12 matches found
CVE-2022-36036
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
@guild-docs/client (>=2.0.0 <=4.0.0-alpha-b500768.0) potentially affected by CVE-2022-36036 via mdx-mermaid (=1.2.2)
mdx-mermaid NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on mdx-mermaid and may be impacted: - @guild-docs/client =2.0.0, =4.0.0-alpha-b500768.0 Source cves: CVE-2022-36036 Source advisory: OSV:GHSA-RVGM-35JW-Q628...
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + function // Put Javascript code here return '' + The block below shows a valid mermaid code block md mermaid graph TD; A--B; A--C;...
GHSA-RVGM-35JW-Q628 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + function // Put Javascript code here return '' + The block below shows a valid mermaid code block md mermaid graph TD; A--B; A--C;...
Code Injection
mdx-mermaid is vulnerable to code injection. The vulnerability exists in mermaid code blocks due to a lack of input validation allowing an attacker to inject and execute arbitrary codes...
CVE-2022-36036
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
Code injection
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036
**Summary**CVE-2022-36036 affects the mdx-mermaid component, enabling arbitrary JavaScript injection by placing code into mermaid blocks. Versions affected: < 1.3.0 and
CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
PT-2022-23132 · Unknown · Mdx-Mermaid
Name of the Vulnerable Software and Affected Versions: mdx-mermaid versions less than 1.3.0 mdx-mermaid versions 2.0.0-rc1 Description: The issue concerns an arbitrary JavaScript injection potential in mdx-mermaid. This can be exploited by modifying mermaid code blocks with arbitrary code, which...