VYPR

npm package

gatsby-plugin-mdx

pkg:npm/gatsby-plugin-mdx

Vulnerabilities (1)

  • CVE-2022-25863Jun 10, 2022
    affected < 2.14.1fixed 2.14.1

    The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerabilit