View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0025675 | mantisbt | security | public | 2019-04-04 04:24 | 2024-04-22 12:20 |

| Field | Value |
|---|---|
| Reporter | dregad |
| Assigned To | dregad |
| Priority | high |
| Severity | major |
| Reproducibility | have not tried |
| Status | closed |
| Resolution | fixed |
| Product Version | 2.12.1 |
| Target Version | 2.20.1 |
| Fixed in Version | 2.20.1 |
| Summary | 0025675: CVE-2019-10905: Update Parsedown library to 1.7.3 |
| Description | Parsedown < 1.7.2 is vulnerable to attacks allowing users to inject arbitrary CSS classes into code blocks. This affects all MantisBT issues where Markdown processing is enabled. For further details, see https://github.com/erusev/parsedown/issues/699. The problem was fixed in Parsedown 1.7.2, but due to a mislabeled release tag, 1.7.3 was released shortly thereafter. |
| Tags | No tags attached. |
| Repository | Branch | Changeset | Date | Author | Committer |
|---|---|---|---|---|---|
| MantisBT | dependabot/composer/erusev/parsedown-1.7.3 | 72e34794 | 2019-04-02 22:40 | dependabot[bot] | dregad |

Bump erusev/parsedown from 1.7.1 to 1.7.3

Bumps [erusev/parsedown](https://github.com/erusev/parsedown) from 1.7.1 to 1.7.3.
- [Release notes](https://github.com/erusev/parsedown/releases)
- [Commits](https://github.com/erusev/parsedown/compare/1.7.1...1.7.3)

Signed-off-by: dependabot[bot] <support@dependabot.com>

Fixes 0025675

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Affected Issues: 0025675

| Change | File |
|---|---|
| mod | composer.lock |