Webbertakken

Researcher from GitHub, Inc.
#22548 of 53,622
10 Total CVSS
Vulnerabilities · 1
PT-2025-28964
10
2025-07-09
Unknown · Docusaurus-Plugin-Content-Gists · CVE-2025-53624
Name of the Vulnerable Software and Affected Versions: docusaurus-plugin-content-gists versions prior to 4.0.0

Description: The Docusaurus gists plugin displays public gists of a GitHub user on a Docusaurus instance. Versions prior to 4.0.0 inadvertently include GitHub Personal Access Tokens in client-side JavaScript bundles when passed through plugin configuration options. These tokens, intended for build-time API access, become accessible to anyone who can view the website's source code.

Recommendations: Update docusaurus-plugin-content-gists to version 4.0.0.