Homepage

@tinacms/mdx@2.1.6

  • latest version

    2.1.7

  • latest non vulnerable version

    2.1.7

  • first published

    3 years ago

  • latest version published

    10 days ago

  • licenses detected

  • View mdx package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @tinacms/mdx package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the url field in Slate link or image nodes during rich-text rendering and parsing. An attacker can execute arbitrary JavaScript in the context of the user's browser by crafting content with malicious URL schemes such as javascript: or data:text/html, including obfuscated forms, which are rendered into href or src attributes when the content is viewed.

    How to fix Cross-site Scripting (XSS)?

    Upgrade @tinacms/mdx to version 2.1.7 or higher.

    <2.1.7
    Go back to all versions of this package