CVE-2021-35513 (Medium) detected in mermaid-8.8.1.min.js #161
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-35513 - Medium Severity Vulnerability
Markdownish syntax for generating flowcharts, sequence diagrams, class diagrams and gantt charts.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/mermaid/8.8.1/mermaid.min.js
Path to dependency file: /docs-src/themes/tibcolabs/layouts/partials/scripts.html
Path to vulnerable library: /docs-src/themes/tibcolabs/layouts/partials/scripts.html
Dependency Hierarchy:
Found in HEAD commit: 2b36f19c6531f1a3964d83923e752838cd9d62cb
Found in base branch: master
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
Publish Date: 2021-06-27
URL: CVE-2021-35513
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-4f6x-49g2-99fm
Release Date: 2021-06-27
Fix Resolution: mermaid - 8.11.0
The text was updated successfully, but these errors were encountered: