@udecode/plate-link@13.5.0 vulnerabilities

Link plugin for Plate

Direct Vulnerabilities

Known vulnerabilities in the @udecode/plate-link package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Input Validation

@udecode/plate-link is a Link plugin for Plate

Affected versions of this package are vulnerable to Improper Input Validation. It does not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content.

How to fix Improper Input Validation?

Upgrade @udecode/plate-link to version 20.0.0 or higher.

<20.0.0