CVE-2019-10010: Cross-site Scripting

March 24, 2019 (updated March 26, 2019)

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.

References

github.com/thephpleague/commonmark/issues/353

Detect and mitigate CVE-2019-10010 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →