Advisories for Npm/Buttle package

2020

Cross-Site Scripting in buttle

All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when it processes malicious markdown files.

Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available.

2019

Cross-site Scripting

XSS in buttle causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.

2018