All versions of simple-markdown are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded payload.
This vulnerability is now preventing our company from using Styleguidist to document components, as we run npm audit to ensure that our codebase is secure.
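The advisory text above names links with data or VBScript URIs as the vector. The following allowlist check on link schemes is an added example, not part of the original report and not code from markdown-to-jsx, simple-markdown or Styleguidist; `sanitizeHref`, `renderLinks` and the allowed scheme list are hypothetical, and the sample input is constructed.

```javascript
// Added example (not from markdown-to-jsx, simple-markdown or Styleguidist).
// Scheme allowlist for link targets; all names here are hypothetical.
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Returns the normalized URL if it is safe to place in href, otherwise null.
function sanitizeHref(raw) {
  if (typeof raw !== "string") return null;
  // Mirror what browsers do before parsing a URL: drop tab/CR/LF anywhere and
  // trim leading/trailing control characters and spaces, so a scheme split by
  // whitespace (e.g. "da\nta:") is judged as the scheme the browser will see.
  const cleaned = raw
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
  const scheme = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  // No scheme: relative path, query or fragment, which inherits the page's scheme.
  if (!scheme) return cleaned;
  // Allowlist rather than blocklist: data:, vbscript:, javascript: and any
  // scheme not listed above are all rejected the same way.
  return SAFE_SCHEMES.has(scheme[1].toLowerCase()) ? cleaned : null;
}

// Renders only inline links of the form [text](url); everything else is escaped.
function renderLinks(markdown) {
  let out = "";
  let last = 0;
  for (const m of markdown.matchAll(/\[([^\]]*)\]\(([^)]*)\)/g)) {
    out += escapeHtml(markdown.slice(last, m.index));
    const href = sanitizeHref(m[2]);
    out += href === null
      ? escapeHtml(m[1]) // unsafe target: keep the label, drop the link
      : `<a href="${escapeHtml(href)}">${escapeHtml(m[1])}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(markdown.slice(last));
}

// Constructed sample input; the base64 body is an inert placeholder.
const sample = "[docs](https://example.com/a?x=1&y=2) and [bad](data:text/html;base64,AAAA)";
console.log(renderLinks(sample));
```
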
It appears that this has been resolved: quantizor/markdown-to-jsx#306 (comment) and the package maintainers are just waiting on npm to approve that the vulnerability has been patched.
I've opened a PR to update the markdown-to-jsx version here: #1599
This updates the markdown-to-jsx package to v6.11.4 in order to patch a security vulnerability as reported at #1596 and addressed here at quantizor/markdown-to-jsx#306.
There is currently a high severity security vulnerability in the markdown-to-jsx package used by Styleguidist.
https://npmjs.com/advisories/1219