mdx-mermaid@1.2.0 vulnerabilities

Display mermaid diagrams in mdx files.

Direct Vulnerabilities

Known vulnerabilities in the mdx-mermaid package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Code Injection
Severity: Low (L)

mdx-mermaid is a package that displays Mermaid diagrams in MDX files.

Affected versions of this package are vulnerable to Code Injection due to improper input validation, which makes it possible to inject malicious code inside a code block of Mermaid.spec.tsx. Exploiting this vulnerability is possible when a component is loaded by MDXjs.

How to fix Code Injection?

Upgrade mdx-mermaid to version 1.3.0, 2.0.0-rc2 or higher.

Vulnerable versions: <1.3.0, >=2.0.0-rc1 <2.0.0-rc2