PT-2020-21403 · Npmcorp · Marky-Markdown

Published: 2020-09-03 · Updated: 2020-09-03

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

marky-markdown (all versions)

Description

The issue concerns HTML Injection due to the failure to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML.

Recommendations

For all versions, upgrade to @npmcorp/marky-markdown, as the original package is no longer maintained.

Fix

XSS

Weakness Enumeration

Related Identifiers

GHSA-MG69-6J3M-JVGW

Affected Products

Marky-Markdown