Sjwall

**Name of the Vulnerable Software and Affected Versions** mdx-mermaid versions less than 1.3.0 mdx-mermaid versions 2.0.0-rc1 **Description** The issue concerns an arbitrary JavaScript injection potential in mdx-mermaid. This can be exploited by modifying mermaid code blocks with arbitrary code, which will execute when the component is loaded by MDXjs. There are no known workarounds for this issue. **Recommendations** For mdx-mermaid versions less than 1.3.0, update to version 1.3.0 or later. For mdx-mermaid version 2.0.0-rc1, update to version 2.0.0-rc2 or later.