found 1 high severity vulnerability #839

Closed
Vanessa219 opened this issue May 15, 2019 · 2 comments

Comments

@Vanessa219

image

@NicolaiSoeborg

Link: https://www.npmjs.com/advisories/751

Exploit:
All versions of mermaid are vulnerable to Cross-Site Scripting. If malicious input such as `A["<img src=invalid onerror=alert('XSS')></img>"]` is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding.
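
The output-encoding failure the advisory describes, as an added example that is not part of the original thread and is not mermaid's code: a simplified node-label renderer, first concatenating the label into markup and then encoding it, run on the advisory's sample input. The names `parseNode`, `renderNodeUnsafe`, `renderNodeEncoded` and `injectedTags` are hypothetical, and the `ID["label"]` grammar is a reduced stand-in for the real diagram syntax.

```javascript
'use strict';
// Added illustration; function names and the reduced grammar are assumptions.

// Characters that change meaning in HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Parse a simplified node definition of the form ID["label"].
function parseNode(def) {
  const m = /^([A-Za-z0-9_]+)\["([\s\S]*)"\]$/.exec(def.trim());
  if (!m) throw new Error('not a node definition: ' + def);
  return { id: m[1], label: m[2] };
}

// "Before": the label is concatenated into markup as-is, so any tags in it
// become part of the document (the improper output encoding in the advisory).
function renderNodeUnsafe(def) {
  const { id, label } = parseNode(def);
  return '<div class="node" id="' + id + '">' + label + '</div>';
}

// "After": every untrusted value is encoded for the HTML context it lands in,
// so the label is displayed as text.
function renderNodeEncoded(def) {
  const { id, label } = parseNode(def);
  return '<div class="node" id="' + escapeHtml(id) + '">' + escapeHtml(label) + '</div>';
}

// Regression-test helper: list element names in the output other than the
// wrapper <div>. A non-empty result means label text was emitted as markup.
function injectedTags(html) {
  const opens = html.match(/<\s*[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return opens.map((t) => t.replace(/<\s*/, '').toLowerCase()).filter((t) => t !== 'div');
}

// Sample input quoted in the advisory text above.
const ADVISORY_INPUT = `A["<img src=invalid onerror=alert('XSS')></img>"]`;

console.log('unsafe :', renderNodeUnsafe(ADVISORY_INPUT), injectedTags(renderNodeUnsafe(ADVISORY_INPUT)));
console.log('encoded:', renderNodeEncoded(ADVISORY_INPUT), injectedTags(renderNodeEncoded(ADVISORY_INPUT)));
```

In a browser, assigning the label through `textContent` instead of building an HTML string gives the same encoding without a hand-written escaper.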

@IOrlandoni
Member

This is being handled on #847.
