Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Vulnerability Description
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Mermaid 代码注入漏洞
Vulnerability Description
Mermaid是一个应用软件。使用文本和代码创建图表和可视化。 Mermaid 1.3.0之前版本、2.0.0-rc1之前版本存在代码注入漏洞,攻击者利用该漏洞可以用任意代码修改任何mermaid代码块,它会在 MDXjs 加载组件时执行。
CVSS Information
N/A
Vulnerability Type
N/A