Source: node-prismjs
Version: 1.11.0+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-prismjs.

CVE-2020-15138[0]:
| Prism is vulnerable to Cross-Site Scripting. The easing preview of the
| Previewers plugin has an XSS vulnerability that allows attackers to
| execute arbitrary code in Safari and Internet Explorer. This impacts
| all Safari and Internet Explorer users of Prism >=v1.1.0 that use
| the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_
| plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To
| workaround the issue without upgrading, disable the easing preview on
| all impacted code blocks. You need Prism v1.10.0 or newer to apply
| this workaround.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15138
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138
[1] https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
[2] https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be

Regards,
Salvatore
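
The version ranges quoted in the advisory above, turned into a triage check (an added example, not part of the original bug report or of Prism's code; the function and field names are hypothetical). It compares upstream version numbers only, so a distribution package carrying a backported fix under an older upstream version still has to be checked against its changelog.

```javascript
// Added example: triage a Prism version against the ranges quoted in CVE-2020-15138.
// Names are hypothetical; only the version bounds come from the advisory text.
const FIRST_AFFECTED = [1, 1, 0];   // "Prism >=v1.1.0"
const PREVIEWERS_FROM = [1, 10, 0]; // "Previewers plugin (>=v1.10.0)"; also the workaround minimum
const FIXED_IN = [1, 21, 0];        // "fixed in version 1.21.0"

// Accepts upstream ("v1.9.0") or Debian-style ("1.11.0+dfsg-3", "1:1.2.0-1") strings
// and returns the upstream [major, minor, patch] triple.
function parseUpstream(version) {
  const bare = String(version).trim().replace(/^\d+:/, '').replace(/^v/i, '');
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(bare);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

// Numeric comparison per component, so 1.10.0 sorts after 1.9.0.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function triage(version) {
  const v = parseUpstream(version);
  const inRange = compare(v, FIRST_AFFECTED) >= 0 && compare(v, FIXED_IN) < 0;
  if (!inRange) return { affected: false, plugin: null, workaround: false };
  const hasPreviewers = compare(v, PREVIEWERS_FROM) >= 0;
  return {
    // Exposure still depends on the plugin being loaded and on Safari/IE visitors.
    affected: true,
    plugin: hasPreviewers ? 'Previewers' : 'Previewer: Easing',
    // Disabling the easing preview needs Prism v1.10.0 or newer.
    workaround: hasPreviewers,
  };
}

// Constructed sample inputs (the third is the version named in this report).
for (const v of ['1.0.1', 'v1.9.0', '1.11.0+dfsg-3', '1.21.0']) {
  console.log(v, JSON.stringify(triage(v)));
}
```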