PT-2024-18949 · Unknown · Markdown-To-Jsx
Rustam Komildzhonov · Published 2024-10-14 · Updated 2024-10-17
CVE-2024-21535
CVSS v3.1: 6.1 (Medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
markdown-to-jsx versions prior to 7.4.0
Description
markdown-to-jsx versions before 7.4.0 do not properly sanitize the `src` attribute of raw HTML embedded in markdown, which the library parses into JSX by default. An attacker who can supply markdown that other users will see can inject an `<iframe>` whose `src` is a script-executing URL (a `javascript:` URL is the usual vehicle) and run arbitrary JavaScript in the viewer's browser: a cross-site scripting (XSS) flaw caused by improper input sanitization. The CVSS vector matches that picture: the payload is delivered over the network and needs no privileges, but a victim has to view the rendered content (UI:R), and the script executes in the victim's browser rather than in the vulnerable component itself (S:C).
Recommendations
Update to markdown-to-jsx 7.4.0 or later. If you cannot update immediately, render untrusted markdown with the library's `disableParsingRawHTML: true` option so that raw HTML, `<iframe>` included, is emitted as text instead of being parsed into elements; asking authors to avoid the `src` property is not a control, because the attacker is the author. Limit who can submit markdown that is rendered for other users, and serve the application with a Content Security Policy whose `script-src` omits `'unsafe-inline'`, which blocks `javascript:` URL navigation as well as inline scripts.
Fix
Fixed in markdown-to-jsx 7.4.0.
XSS
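The following is an added example, not code from markdown-to-jsx or from the advisory's authors. It shows three things a practitioner handling this advisory wants in hand: a check of the installed version against the affected range, the class of URL-scheme check that a fix for this bug has to apply to `src` (the 7.4.0 implementation itself is not reproduced, and is assumed only to be of this kind), and a scanner plus pre-render filter for raw HTML inside untrusted markdown, as defence in depth for applications that cannot upgrade at once. The attribute list, the `SAFE_SCHEMES` set and the sample markdown are the example's own assumptions and constructions.

```javascript
// Added example; not markdown-to-jsx's own sanitizer. Assumes the application
// feeds attacker-controlled markdown to markdown-to-jsx with raw-HTML parsing
// enabled (the default) and wants to neutralise dangerous URL attributes first.

// Schemes that cannot execute script when navigated to from src/href (assumed allow-list).
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:', 'tel:']);

// URL-bearing attributes of raw HTML, plus srcdoc (an inline iframe document).
const ATTR_RE =
  /(\s)(src|href|xlink:href|action|formaction|poster|srcdoc)(\s*=\s*)(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Decode the numeric and named entities an attacker uses to hide a scheme,
// e.g. "&#106;avascript:" or "java&Tab;script:". Unknown entities are kept.
function decodeEntities(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", tab: '\t', newline: '\n', colon: ':' };
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&([a-z]+);/gi, (m, n) => named[n.toLowerCase()] ?? m);
}

// Browsers strip ASCII control characters and whitespace before parsing a URL,
// so "java\tscript:" is javascript:. Normalise the same way, then return the
// lower-case scheme with its colon, or null for a relative URL.
function urlScheme(value) {
  const cleaned = decodeEntities(value).replace(/[\u0000-\u0020\u007f]/g, '').toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(cleaned);
  return m ? m[1] + ':' : null;
}

function isSafeUrl(value) {
  const scheme = urlScheme(value);
  return scheme === null || SAFE_SCHEMES.has(scheme);
}

// Audit helper: list every URL attribute in the markdown that would be rejected,
// with its offset, for logging or for scanning already-stored content.
function scanMarkdown(markdown) {
  const findings = [];
  for (const m of markdown.matchAll(ATTR_RE)) {
    const attr = m[2].toLowerCase();
    const value = m[4] ?? m[5] ?? m[6] ?? '';
    let reason = null;
    if (attr === 'srcdoc') reason = 'srcdoc supplies an inline document';
    else if (!isSafeUrl(value)) reason = `disallowed scheme ${urlScheme(value)}`;
    if (reason) findings.push({ attr, value, reason, offset: m.index });
  }
  return findings;
}

// Pre-render filter: drop every offending attribute (the element stays, the
// payload goes) before the markdown reaches markdown-to-jsx. It also rewrites
// matching text inside code fences; that is a deliberate, conservative choice.
function neutralizeMarkdown(markdown) {
  return markdown.replace(ATTR_RE, (whole, ws, attr, _eq, dq, sq, bare) => {
    const value = dq ?? sq ?? bare ?? '';
    if (attr.toLowerCase() !== 'srcdoc' && isSafeUrl(value)) return whole;
    return ws;
  });
}

// True when the installed markdown-to-jsx version is in the affected range
// (everything before 7.4.0). Pre-release and build suffixes are ignored.
function isAffectedVersion(version) {
  const [major = 0, minor = 0, patch = 0] = version
    .replace(/^v/, '')
    .split(/[-+]/)[0]
    .split('.')
    .map((n) => parseInt(n, 10) || 0);
  return (major - 7 || minor - 4 || patch - 0) < 0;
}

// Constructed sample: a benign image plus an iframe whose src is an
// entity-encoded javascript: URL of the kind this advisory describes.
const SAMPLE_MARKDOWN = [
  '# Profile',
  '<img src="https://example.com/avatar.png" alt="me">',
  '<iframe src="&#106;avascript:alert(document.cookie)"></iframe>',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  console.log(isAffectedVersion('7.3.2') ? 'affected' : 'not affected');
  console.log(scanMarkdown(SAMPLE_MARKDOWN));
  console.log(neutralizeMarkdown(SAMPLE_MARKDOWN));
}
```

Run `neutralizeMarkdown` on the markdown before passing it to the `compiler` or `<Markdown>` component; on the sample above it keeps the image and turns the iframe into `<iframe ></iframe>`. Prefer `disableParsingRawHTML: true` where raw HTML is not needed at all, and treat this filter as a second layer rather than a replacement for the 7.4.0 update, since a regex over markdown cannot follow every quirk of the library's own HTML parsing.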
Affected Products
Markdown-To-Jsx