Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of Untrusted Data
Vulnerability Description
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
gatsby 代码问题漏洞
Vulnerability Description
gatsby是一个应用软件。一个基于 React 的免费开源框架,可帮助开发人员构建极快的网站和应用程序。 gatsby plugin mdx 2.14.1 及之前的版本、3.15.2 之前的版本存在安全漏洞,该漏洞源于在将输入传递到gray-matter时容易受到不可信数据的反序列化。
CVSS Information
N/A
Vulnerability Type
N/A