Cross-site Scripting (XSS) The advisory has been revoked - it doesn't affect any version of package odo.src  (opens in a new tab)


Threat Intelligence

EPSS
0.35% (58th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL10-ODOSRC-15368263
  • published3 Mar 2026
  • disclosed18 Feb 2022

Introduced: 18 Feb 2022

CVE-2022-23647  (opens in a new tab)
CWE-79  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream odo.src package and not the odo.src package as distributed by RHEL.

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.