[BUG] Critical vulnerability due to sanitize-html@1.27.5 dependency #454

sunita1112 · 2021-12-16T10:53:39Z

What / Why

We are using @npmcorp/marky-markdown@12.0.3 in our project and we see there is a critical vulnerability exposed by the dependency sanitize-html@1.27.5

We are using snyk tool to identify vulnerabilities. Here is snyk report:

✗ Arbitrary Code Execution [Critical Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892] in sanitize-html@1.27.5
  introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.0.0-beta

✗ Validation Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780] in sanitize-html@1.27.5
  introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.3.2
✗ Access Restriction Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786] in sanitize-html@1.27.5
  introduced by @npmcorp/marky-markdown@12.0.3 > sanitize-html@1.27.5
This issue was fixed in versions: 2.3.1

Can you please look into it and upgrade the sanitize-html dependency?
Thanks

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Critical vulnerability due to sanitize-html@1.27.5 dependency #454

[BUG] Critical vulnerability due to sanitize-html@1.27.5 dependency #454

sunita1112 commented Dec 16, 2021

[BUG] Critical vulnerability due to sanitize-html@1.27.5 dependency #454

[BUG] Critical vulnerability due to sanitize-html@1.27.5 dependency #454

Comments

sunita1112 commented Dec 16, 2021

What / Why