Skip to content
This repository was archived by the owner on Apr 3, 2024. It is now read-only.
This repository was archived by the owner on Apr 3, 2024. It is now read-only.

[BUG] Critical vulnerability due to sanitize-html@1.27.5 dependency #454

Description

@sunita1112

What / Why

We are using @npmcorp/marky-markdown@12.0.3 in our project and we see there is a critical vulnerability exposed by the dependency sanitize-html@1.27.5

We are using snyk tool to identify vulnerabilities. Here is snyk report:

✗ Arbitrary Code Execution [Critical Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892] in sanitize-html@1.27.5
  introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.0.0-beta

✗ Validation Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780] in sanitize-html@1.27.5
  introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.3.2
✗ Access Restriction Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786] in sanitize-html@1.27.5
  introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.3.1

Can you please look into it and upgrade the sanitize-html dependency?
Thanks

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions