GHSA-qx76-c53f-5c7q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qx76-c53f-5c7q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qx76-c53f-5c7q/GHSA-qx76-c53f-5c7q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qx76-c53f-5c7q
- Aliases
- Published
- 2022-05-14T01:40:50Z
- Modified
- 2024-02-16T08:16:43.743975Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
- Details
-
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allowunsafelinks is false) via a newline character (e.g., writing javascript as javascri%0apt).
- Database specific
{ "nvd_published_at": "2018-12-30T05:29:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-09-12T15:59:43Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-20583
- https://github.com/thephpleague/commonmark/issues/337
- https://commonmark.thephpleague.com/changelog
- https://github.com/FriendsOfPHP/security-advisories/blob/master/league/commonmark/CVE-2018-20583.yaml
- https://github.com/thephpleague/commonmark
- https://github.com/thephpleague/commonmark/releases/tag/0.18.1
Affected packages
Packagist / league/commonmark
Package
- Name
- league/commonmark
- Purl
- pkg:composer/league/commonmark