CVE-2018-20583: Cross-site Scripting

December 30, 2018 (updated January 15, 2019)

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt).

References

github.com/thephpleague/commonmark/issues/337

Detect and mitigate CVE-2018-20583 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →