PT-2020-21447 · Npmcorp · Marky-Markdown

Published: 2020-09-03 · Updated: 2020-09-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: marky-markdown, all versions

Description: The issue is an HTML injection caused by a validation bypass in the marky-markdown package. The package is designed to allow only iframes whose source is youtube.com, but this check can be bypassed with a source in which youtube.com appears as a leading label of a different domain, such as youtube.com.evil.co.

Recommendations: For all versions of marky-markdown, upgrade to @npmcorp/marky-markdown, as the original package is no longer maintained.
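An added example, not marky-markdown's own code: the weak prefix check is an assumed reconstruction of the flaw the description reports, shown beside an exact-hostname allowlist that rejects the youtube.com.evil.co form. Hostnames are parsed with the WHATWG `URL` API available in Node.js and browsers.

```javascript
// Assumed weak check: treats any hostname that starts with "youtube.com" as
// YouTube, so "youtube.com.evil.co" passes. This reconstructs the class of
// bug the advisory describes; it is not the package's actual source.
function weakIsAllowedIframeSrc(src) {
  let url;
  try { url = new URL(src); } catch (e) { return false; }
  return url.hostname.startsWith("youtube.com");
}

// Hardened check: require https and compare the full, normalised hostname
// against an exact allowlist. No prefix, suffix or substring matching, so a
// registrable domain owned by someone else can never satisfy it.
const ALLOWED_IFRAME_HOSTS = new Set(["youtube.com", "www.youtube.com"]);

function strictIsAllowedIframeSrc(src) {
  let url;
  try { url = new URL(src); } catch (e) { return false; }
  if (url.protocol !== "https:") return false;
  // URL.hostname is already lower-cased; strip a trailing dot (FQDN form)
  // so "youtube.com." cannot slip past the exact comparison.
  const host = url.hostname.replace(/\.$/, "");
  return ALLOWED_IFRAME_HOSTS.has(host);
}

// Constructed sample iframe sources: one legitimate embed and several forms a
// defender would expect a correct allowlist to reject.
const SAMPLE_SRCS = [
  "https://www.youtube.com/embed/abc123",      // legitimate
  "https://youtube.com.evil.co/embed/abc123",  // bypass from the advisory
  "https://youtube.com@evil.co/",              // userinfo trick, host is evil.co
  "http://www.youtube.com/embed/abc123",       // wrong scheme
  "javascript:alert(1)",                       // not an http(s) URL at all
];

// Returns {src: [weakVerdict, strictVerdict]} so the two checks can be
// compared side by side.
function compareChecks(srcs = SAMPLE_SRCS) {
  const out = {};
  for (const s of srcs) {
    out[s] = [weakIsAllowedIframeSrc(s), strictIsAllowedIframeSrc(s)];
  }
  return out;
}

console.table(compareChecks());
```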

XSS


Weakness Enumeration

Related Identifiers

GHSA-PXMP-FWJC-4X7Q

Affected Products

Marky-Markdown