PT-2021-21820 · Github · @Github/Paste-Markdown

Bananabr · Published 2021-08-12 · Updated 2021-08-23 · CVE-2021-37700

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: @github/paste-markdown versions prior to 0.3.4

Description: A self cross-site scripting (XSS) issue exists in the @github/paste-markdown library. If the clipboard data contains the string <table>, a div is dynamically created and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of JavaScript in the victim's browser. Users who are directed to copy text from a malicious website and paste it into pages that use this library are affected.

Recommendations: For versions prior to 0.3.4, update to version 0.3.4 to resolve the issue. As a temporary workaround, consider implementing a Content Security Policy that disallows 'unsafe-inline' script execution to reduce the likelihood of this issue being exploited in modern browsers.
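The mechanism and the workaround above, as an added example that is not code from the paste-markdown project: a minimal page that keeps the innerHTML pattern only for contrast, handles the clipboard HTML through an inert DOMParser document instead, and ships a Content Security Policy without 'unsafe-inline'. The DOMParser approach, the helper names and the nonce value are assumptions of this example, not the library's documented fix.

```html
<!DOCTYPE html>
<meta charset="utf-8">
<!-- Advisory workaround: a CSP without 'unsafe-inline' blocks inline handlers such as
     onerror even if unsanitized markup ever reaches the live DOM. Nonce is a constructed demo value. -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'nonce-demo1'">
<p>Paste an HTML table into the box; the log shows how the clipboard HTML was handled.</p>
<textarea id="target" rows="6" cols="60"></textarea>
<pre id="log"></pre>
<script nonce="demo1">
const log = (msg) => { document.getElementById('log').textContent += msg + '\n' }

// VULNERABLE pattern described in the advisory (kept for contrast only; never called here):
// clipboard HTML goes straight into innerHTML of a live-DOM element, so any active
// content it carries can run in this page's origin.
function tableFromClipboardUnsafe(html) {
  const div = document.createElement('div')
  div.innerHTML = html
  return div.querySelector('table')
}

// HARDENED pattern: parse into an inert document instead. A DOMParser document has no
// browsing context, so its scripts never run and its inline event handlers never fire.
function tableFromClipboardSafe(html) {
  const inert = new DOMParser().parseFromString(html, 'text/html')
  return inert.querySelector('table')
}

// Convert the parsed table to Markdown using textContent only, so no markup is re-serialised.
function tableToMarkdown(table) {
  const rows = Array.from(table.querySelectorAll('tr'), tr =>
    Array.from(tr.querySelectorAll('th,td'), cell => cell.textContent.trim().replace(/\|/g, '\\|')))
  if (rows.length === 0) return ''
  const line = cells => '| ' + cells.join(' | ') + ' |'
  const separator = '| ' + rows[0].map(() => '---').join(' | ') + ' |'
  return [line(rows[0]), separator, ...rows.slice(1).map(line)].join('\n')
}

document.getElementById('target').addEventListener('paste', (event) => {
  const html = event.clipboardData.getData('text/html')
  if (!html || !html.includes('<table')) return   // no table: let the default paste happen
  const table = tableFromClipboardSafe(html)
  if (!table) return
  event.preventDefault()
  event.target.value = tableToMarkdown(table)
  log('table converted from an inert DOMParser document; clipboard markup never touched the live DOM')
})
</script>
```

Open the file in a browser and paste a table copied from any web page; with the CSP in place, the browser console also reports any inline handler that a page without it would have executed.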


Weakness Enumeration

Related Identifiers

CVE-2021-37700
GHSA-GPFJ-4J6G-C4W9

Affected Products

@Github/Paste-Markdown