gatsby-transformer-remark@2.6.7 vulnerabilities
Gatsby transformer plugin for Markdown using the Remark library and ecosystem
-
latest version
6.14.0
-
latest non vulnerable version
-
first published
8 years ago
-
latest version published
4 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the gatsby-transformer-remark package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
gatsby-transformer-remark is a Gatsby transformer plugin for Markdown using the Remark library and ecosystem Affected versions of this package are vulnerable to Information Exposure via local file inclusion in NOTE: By default How to fix Information Exposure? Upgrade |
<6.10.0
|
gatsby-transformer-remark is a Gatsby transformer plugin for Markdown using the Remark library and ecosystem Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper user-input sanitization when passing input in data mode (querying MarkdownRemark nodes via GraphQL). In order to exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by How to fix Arbitrary Code Injection? Upgrade |
<5.25.1
>=6.0.0 <6.3.2
|