HIGH 7.2 npm
Incorrect sanitisation function leads to `XSS` in mermaid
GHSA-p3rp-vmj9-gv6v · CVE-2021-43861
Description
Impact
A malicious diagram definition can carry JavaScript that is executed in the browser of anyone who views the rendered diagram, because the sanitisation function applied to diagram text did not strip it correctly.
Patches
Users should upgrade to version 8.13.8 (or later), which contains the fix referenced below.
Workarounds
There is no workaround; you need to upgrade in order to avoid this issue.
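Since upgrading is the only remedy, the practical check is whether every copy of mermaid in a project is at 8.13.8 or newer, including nested transitive copies that `npm ls` can hide under other packages. The following is an added example, not part of the advisory or of the mermaid project: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and reports every install below the fixed version. The lockfile excerpt and the package names in it are constructed for the example.

```javascript
// Added example (not part of the advisory or the mermaid project): scan an
// npm lockfile for installs of mermaid older than the fixed release 8.13.8.
const FIXED_VERSION = '8.13.8';      // fixed version named in the advisory
const AFFECTED_PACKAGE = 'mermaid';

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Comparator returning <0, 0, >0. Components are compared numerically
// (8.13.10 > 8.13.8, which a string compare gets wrong), and a prerelease
// sorts before its release (8.13.8-rc.1 < 8.13.8), so it counts as unfixed.
function compareSemver(a, b) {
  const x = parseSemver(a);
  const y = parseSemver(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (x[k] !== y[k]) return x[k] - y[k];
  }
  if (x.pre === y.pre) return 0;
  if (x.pre === null) return 1;
  if (y.pre === null) return -1;
  return x.pre < y.pre ? -1 : 1;
}

// Walk the lockfile's "packages" map (lockfileVersion 2/3). Keys are install
// paths such as "node_modules/mermaid" or
// "node_modules/foo/node_modules/mermaid", so nested copies pulled in by
// other dependencies are found, not only the top-level one.
function findVulnerableMermaid(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The package name is the last path segment after "node_modules/"
    // unless the entry carries an explicit name (aliases, the root entry).
    const name = entry.name || path.split('node_modules/').pop();
    if (name !== AFFECTED_PACKAGE || !entry.version) continue;
    if (compareSemver(entry.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed lockfile excerpt for the example (not a real project): the
// top-level mermaid is fixed, but a second copy nested under another
// dependency is still on a vulnerable 8.13.x release.
const SAMPLE_LOCK = {
  name: 'example-docs-site',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-docs-site', version: '1.0.0' },
    'node_modules/mermaid': { version: '8.13.8' },
    'node_modules/legacy-renderer': {
      version: '2.0.0',
      dependencies: { mermaid: '^8.13.0' },
    },
    'node_modules/legacy-renderer/node_modules/mermaid': { version: '8.13.3' },
  },
};

function runSample() {
  return findVulnerableMermaid(SAMPLE_LOCK);
}

console.log(JSON.stringify(runSample(), null, 2));
```

To check a real project, parse its `package-lock.json` with `JSON.parse(fs.readFileSync(...))` and pass the object to `findVulnerableMermaid`; an empty result means every copy is at or above 8.13.8. Lockfile version 1 keeps a nested `dependencies` tree instead of a flat `packages` map and is not handled here.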
References
- WEB https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-43861
- WEB https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
- PACKAGE https://github.com/mermaid-js/mermaid
- WEB https://github.com/mermaid-js/mermaid/releases/tag/8.13.8