
[BUG] Critical vulnerability due to [email protected] dependency

Open sunita1112 opened this issue 4 years ago • 0 comments

What / Why

We are using @npmcorp/[email protected] in our project, and we see there is a critical vulnerability exposed by the dependency [email protected].

We are using the Snyk tool to identify vulnerabilities. Here is the Snyk report:

✗ Arbitrary Code Execution [Critical Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892] in [email protected]
  introduced by @npmcorp/[email protected] > [email protected]
This issue was fixed in versions: 2.0.0-beta

✗ Validation Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780] in [email protected]
  introduced by @npmcorp/[email protected] > [email protected]
This issue was fixed in versions: 2.3.2

✗ Access Restriction Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786] in [email protected]
  introduced by @npmcorp/[email protected] > [email protected]
This issue was fixed in versions: 2.3.1

Can you please look into it and upgrade the sanitize-html dependency? Thanks

sunita1112, Dec 16 '21 10:12