PT-2021-11237 · Mdbook · Mdbook

Kamil Vavra · Published 2021-01-04 · Updated 2021-08-25 · CVE-2020-26297

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: mdBook versions prior to 0.4.5
Description: The search feature of mdBook is affected by a cross-site scripting vulnerability, which could allow an attacker to execute arbitrary JavaScript code in a user's browser. This can be achieved by tricking the user into typing a malicious search query or clicking a link to the search page with the malicious search query prefilled. The vulnerability was introduced in version 0.1.4 and is fixed in mdBook 0.4.5 by properly escaping the search query.
Recommendations: For mdBook versions prior to 0.4.5, upgrade to mdBook 0.4.5 or greater and rebuild website contents with it. As a temporary workaround, consider restricting access to the search feature until the issue is resolved.
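The pattern behind this class of bug and the fix the advisory describes, as an added illustration that is not mdBook's own searcher code: a minimal model of a search page that echoes the query into its results markup, first unescaped and then with proper HTML escaping. The function names, the `?search=` parameter and the sample query are assumptions made for this example.

```javascript
// Added example (not mdBook's own code): a minimal model of a search page
// that echoes the user's query into the results HTML, shown first as the
// unescaped pattern the advisory describes and then with proper escaping.
// Function names, the `?search=` parameter and the sample input are
// assumptions made for this illustration.

// Read the prefilled query from a search-page URL, e.g. book/?search=foo
function queryFromUrl(url) {
  return new URL(url).searchParams.get("search") || "";
}

// Vulnerable pattern: the raw query is concatenated into markup. Any
// markup in the query becomes part of the page when assigned to innerHTML.
function renderHeaderUnsafe(query) {
  return "<h1>Search results for '" + query + "'</h1>";
}

// Escape the five characters that matter in an HTML text node or
// quoted attribute value.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Fixed pattern: the query is escaped before being placed in the markup,
// so it is displayed as text rather than interpreted as HTML.
function renderHeaderSafe(query) {
  return "<h1>Search results for '" + escapeHtml(query) + "'</h1>";
}

// Simple check a reviewer or unit test can run: the rendered output must
// not contain any tag other than the <h1> the template itself emits.
function containsInjectedMarkup(html) {
  const inner = html.replace(/^<h1>/, "").replace(/<\/h1>$/, "");
  return /[<>]/.test(inner);
}

// Constructed sample: a query carrying markup, as it would arrive via a link.
const sampleUrl = "https://example.invalid/book/?search=" +
  encodeURIComponent("<b>rust</b>");
const q = queryFromUrl(sampleUrl);
console.log("unsafe:", renderHeaderUnsafe(q), containsInjectedMarkup(renderHeaderUnsafe(q)));
console.log("safe:  ", renderHeaderSafe(q), containsInjectedMarkup(renderHeaderSafe(q)));
```

Rebuilding the site with a fixed mdBook replaces the generated search script, which is why the recommendation is to upgrade and regenerate rather than patch a deployed copy by hand.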

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-26297
GHSA-GX5W-RRHP-F436
RUSTSEC-2021-0001

Affected Products

Mdbook