Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) markdown-to-jsx is a lightweight, customizable React markdown component. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `src` property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious `iframe` element in the markdown. How to fix Cross-site Scripting (XSS)? Upgrade `markdown-to-jsx` to version 7.4.0 or higher.	<7.4.0
M Regular Expression Denial of Service (ReDoS) markdown-to-jsx is a lightweight, customizable React markdown component. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Catastrophic backtracking in the `BREAK_THEMATIC_R` regex causes parsing to hang on non-matching input with repeating asterisks How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `markdown-to-jsx` to version 7.2.0 or higher.	<7.2.0

Cross-site Scripting (XSS)

markdown-to-jsx is a lightweight, customizable React markdown component.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.

How to fix Cross-site Scripting (XSS)?

Upgrade markdown-to-jsx to version 7.4.0 or higher.

<7.4.0

Regular Expression Denial of Service (ReDoS)

markdown-to-jsx is a lightweight, customizable React markdown component.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Catastrophic backtracking in the BREAK_THEMATIC_R regex causes parsing to hang on non-matching input with repeating asterisks

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade markdown-to-jsx to version 7.2.0 or higher.

<7.2.0

Go back to all versions of this package