mdx-mermaid@1.2.1 vulnerabilities

Display mermaid diagrams in mdx files.

  • latest version

    2.0.3

  • latest non vulnerable version

  • first published

    3 years ago

  • latest version published

    4 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the mdx-mermaid package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • L
    Code Injection

    mdx-mermaid is a package that displays Mermaid diagrams in MDX files.

    Affected versions of this package are vulnerable to Code Injection due to improper input validation, which makes it possible to inject malicious code inside a code block of Mermaid.spec.tsx. Exploiting this vulnerability is possible when a component is loaded by MDXjs.

    How to fix Code Injection?

    Upgrade mdx-mermaid to version 1.3.0, 2.0.0-rc2 or higher.

    Vulnerable versions: <1.3.0, >=2.0.0-rc1 <2.0.0-rc2