Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability on @mdx-js/loader related with trim #1531

Closed
BiancaArtola opened this issue Apr 30, 2021 · 2 comments
Closed

Vulnerability on @mdx-js/loader related with trim #1531

BiancaArtola opened this issue Apr 30, 2021 · 2 comments
Labels
👯 no/duplicate Déjà vu

Comments

@BiancaArtola
Copy link

I know that it is not a bug, but I need to report a vulnerability that @mdx-js/loader has. I am not using this library directly, but Storybook is using this library so I have the vuln.

image

The following is the related dependencie tree:
@mdx-js/loader -> @mdx-js/mdx -> remark-mdx -> remark-parse -> trim 0.0.1

trim 0.0.1 has a ReDoS vulnerability

Please let me know if you need more information about this.
Can you fix this vuln?
@BiancaArtola BiancaArtola added 🐛 type/bug This is a problem 🙉 open/needs-info This needs some more info labels Apr 30, 2021
@BiancaArtola BiancaArtola mentioned this issue Apr 30, 2021
Closed
@ChristianMurphy
Copy link
Member

duplicate of #1458
this is addressed in mdx 2 #1041 (currently in beta)

@ChristianMurphy ChristianMurphy added 👯 no/duplicate Déjà vu and removed 🐛 type/bug This is a problem 🙉 open/needs-info This needs some more info labels Apr 30, 2021
@BiancaArtola
Copy link
Author

Thanks!

This was referenced May 11, 2021
Closed
Closed
@JounQin JounQin mentioned this issue May 23, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
👯 no/duplicate Déjà vu
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ChristianMurphy @BiancaArtola