Advisory #50
TitleQiita::Markdown cross-site scripting via crafted gist link
CVE IDCVE-2021-28833
VendorIncrements Inc.
Affected productQiita::Markdown
Affected versions- 0.33.0
Vulnerability typeCWE-79 (Cross-site Scripting)
DescriptionQiita::Markdown has a vulnerability that allows cross-site scripting via crafted gist link. NOTE: This CVE ID is unique from CVE-2021-28796.
StatusFixed in 0.34.0
RecommendationUpdate to 0.34.0 or above.