Description
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITDECORATE-1044068
Related Vulnerabilities
CVE-2021-21172 Vulnerability in npm package electron
CVE-2021-41246 Vulnerability in npm package express-openid-connect
CVE-2018-16487 Vulnerability in maven package org.webjars.npm:lodash.merge
CVE-2022-42004 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-34078 Vulnerability in npm package lifion-verify-deps