Matthieusieben

**Name of the Vulnerable Software and Affected Versions** remark-html versions prior to 13.0.2 remark-html versions prior to 14.0.1 **Description** The documentation of remark-html mentioned that it was safe by default, but in practice, the default was never safe and had to be opted into. This means user input was not sanitized, allowing arbitrary HTML to be passed through, leading to potential XSS attacks. **Recommendations** For versions prior to 13.0.2, update to version 13.0.2 or later. For versions prior to 14.0.1, update to version 14.0.1 or later. On older affected versions, pass `sanitize: true` to mitigate the issue, for example, by using `.use(remarkHtml, {sanitize: true})`.