CVE-2019-10010

Name of the Vulnerable Software and Affected Versions: PHP League CommonMark library versions prior to 0.18.3

Description: The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to insert unsafe links into HTML. This is achieved by using double-encoded HTML entities that are not properly escaped during rendering.

Recommendations: For versions prior to 0.18.3, update to version 0.18.3 or later to resolve the issue. As a temporary workaround, consider disabling the rendering of user-provided HTML entities until a patch is available. Restrict access to the CommonMark library to minimize the risk of exploitation. Avoid using the library to render untrusted input until the issue is resolved.