Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(Low) Aikido > "sanitize-url" XSS vulnerability > Upgrade "marmaid" version #533

Closed
tom-vism opened this issue Aug 14, 2024 · 1 comment
Closed

(Low) Aikido > "sanitize-url" XSS vulnerability > Upgrade "marmaid" version #533

tom-vism opened this issue Aug 14, 2024 · 1 comment

Comments

@tom-vism
Copy link

AIKIDO-2024-10096

Affected versions of the @braintree/sanitize-url library are vulnerable to Cross-site Scripting (XSS). If you are using this library for sanitizing urls, certain whitespace sequences are not correctly escaped and can lead to an XSS attack

How to fix:
Use 11.0.0-alpha.7 version for "mermaid" package (which has dependency @braintree/sanitize-url": "^7.0.1" and it fixes the issue)
@jfcere
Copy link
Owner

jfcere commented Oct 1, 2024

Dependency has been updated to support mermaid 11.0.0 and released as part of ngx-markdown v18.1.0.

@jfcere jfcere closed this as completed Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jfcere @tom-vism