sandpack icon indicating copy to clipboard operation
sandpack copied to clipboard

Published 20 hours ago verified publisher icon codesandbox

Critical Severity Vulnerability in intersection-observer

Open salzpate opened this issue 4 months ago • 0 comments

We actually want to use mdxeditor, which uses @codesandbox/sandpack-react as dependency.

@react-hook/intersection-observer currently still uses a polyfill for the intersection observer. However, we have now received information that the intersection observer contained therein is highly vulnerable. This means that we are not allowed to use MdxEditor. I have also created an issue for this at @react-hook, but wanted to ask if you could update to a newer version or, alternatively (if no version with a fix is released), switch to an alternative solution. I would be happy to assist you with this.

See: https://github.com/jaredLunde/react-hook/issues/318

salzpate avatar Jun 05 '25 13:06 salzpate