PHP League · PHP League CommonMark Library · CVE-2018-20583
**Name of the Vulnerable Software and Affected Versions**
PHP League CommonMark library versions 0.15.6 through 0.18.x
**Description**
The issue allows remote attackers to insert unsafe URLs into HTML, even when `allow_unsafe_links` is set to false, by using a newline character, for example by writing `javascript` as `javascri%0apt`. This creates the potential for malicious script injection.
**Recommendations**
For PHP League CommonMark library versions 0.15.6 through 0.18.x, update to version 0.18.1 or later to resolve the issue.
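
The newline bypass described above can be reproduced as a filter test for any code that performs its own link-scheme check. This is an added example, not league/commonmark's code: the function names, the scheme list and the sample destinations are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumed deny list for this example only.
const UNSAFE_SCHEMES = ['javascript', 'vbscript', 'file', 'data'];

// Weak form: compares the raw destination, so a percent-encoded newline
// inside the scheme name keeps the pattern from matching.
function naiveIsUnsafe(string $url): bool
{
    return preg_match('/^(javascript|vbscript|file|data):/i', $url) === 1;
}

// Hardened form: percent-decode once, remove ASCII tab/LF/CR and leading
// control characters or spaces, then extract and compare the scheme.
function hardenedIsUnsafe(string $url): bool
{
    $decoded = rawurldecode($url);
    $stripped = str_replace(["\t", "\n", "\r"], '', $decoded);
    $normalised = ltrim($stripped, "\x00..\x20");

    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $normalised, $m) !== 1) {
        return false; // no scheme present: treated as a relative reference
    }

    return in_array(strtolower($m[1]), UNSAFE_SCHEMES, true);
}

// Constructed sample destinations.
$samples = [
    'javascript:void(0)',          // plain unsafe scheme
    'javascri%0apt:void(0)',       // scheme split by an encoded newline
    "java\tscript:void(0)",        // scheme split by a literal tab
    'https://example.com/a%0Ab',   // safe scheme, newline only in the path
    'docs/page.html',              // relative reference
];

foreach ($samples as $url) {
    printf(
        "%-28s naive=%-5s hardened=%s\n",
        json_encode($url),
        var_export(naiveIsUnsafe($url), true),
        var_export(hardenedIsUnsafe($url), true)
    );
}
```

Adding the encoded-newline and tab cases to a regression suite confirms that an upgraded renderer, or any custom filter in front of it, rejects them.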