NodeJS/mermaid/10.0.1
Markdown-ish syntax for generating flowcharts, mindmaps, sequence diagrams, class diagrams, gantt charts, git graphs and more.
https://www.npmjs.com/package/mermaid
MIT
1 Security Vulnerabilities
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
Published date: 2024-10-22T18:17:02Z
Links:
- https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674
- https://github.com/mermaid-js/mermaid/security/advisories/GHSA-m4gq-x24j-jpmf
- https://github.com/mermaid-js/mermaid/commit/6c785c93166c151d27d328ddf68a13d9d65adc00
- https://github.com/mermaid-js/mermaid/commit/92a07ffe40aab2769dd1c3431b4eb5beac282b34
- https://github.com/advisories/GHSA-m4gq-x24j-jpmf
The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.
This affects the built:
dist/mermaid.min.jsdist/mermaid.jsdist/mermaid.esm.mjsdist/mermaid.esm.min.mjs
This will also affect users that use the above files via a CDN link, e.g. https://cdn.jsdelivr.net/npm/mermaid@10.9.2/dist/mermaid.min.js
Users that use the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or the dist/mermaid.core.mjs file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like npm audit fix.
Patches
developbranch: 6c785c93166c151d27d328ddf68a13d9d65adc00- backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34
Affected versions:
["0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.3.0", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.4.0", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.5.8", "6.0.0", "7.0.0", "7.0.1", "7.0.2", "7.0.3", "7.0.4", "7.0.5", "7.0.6", "7.0.7", "7.0.8", "7.0.9", "7.0.10", "7.0.11", "7.0.12", "7.0.13", "7.0.14", "7.0.15", "7.0.16", "7.0.17", "7.0.18", "7.1.0", "7.1.1", "7.1.2", "8.0.0-alpha.1", "8.0.0-alpha.2", "8.0.0-alpha.3", "8.0.0-alpha.4", "8.0.0-alpha.5", "8.0.0-alpha.6", "8.0.0-alpha.8", "8.0.0-alpha.9", "8.0.0-beta.1", "8.0.0-beta.2", "8.0.0-beta.3", "8.0.0-beta.4", "8.0.0-beta.5", "8.0.0-beta.6", "8.0.0-beta.7", "8.0.0-beta.8", "8.0.0-beta.9", "8.0.0-rc.1", "8.0.0-rc.2", "8.0.0-rc.3", "8.0.0-rc.4", "8.0.0-rc.5", "8.0.0-rc.6", "8.0.0-rc.7", "8.0.0-rc.8", "8.0.0", "8.1.0", "8.2.1", "8.2.2", "8.2.3", "8.2.4", "8.2.5", "8.2.6", "8.3.0", "8.3.1", "8.4.0", "8.4.1", "8.4.2", "8.4.3", "8.4.4", "8.4.5", "8.4.6", "8.4.7", "8.4.8", "8.5.0", "8.5.1", "8.5.2", "8.6.0", "8.6.1", "8.6.2", "8.6.3", "8.6.4", "8.7.0", "8.8.0", "8.8.1", "8.8.2", "8.8.3", "8.8.4", "8.9.0", "8.9.1", "8.9.2", "8.9.3", "8.10.1", "8.10.2", "8.11.0", "8.11.1", "8.11.2", "8.11.3", "8.11.4", "8.11.5", "8.12.0", "8.12.1", "8.13.0", "8.13.1", "8.13.2", "8.13.3", "8.13.4", "8.13.5", "8.13.6", "8.13.7", "8.13.8", "8.13.9", "8.13.10", "8.14.0-rc1", "8.14.0", "9.0.0", "9.0.1", "9.1.0", "9.1.1", "9.1.2", "9.1.3", "9.1.4", "9.1.5", "9.1.6", "9.2.0-rc1", "9.1.7", "9.2.0-rc2", "9.2.0-rc3", "9.2.0-rc4", "9.2.0-rc5", "9.2.0-rc6", "9.2.0-rc7", "9.2.0-rc8", "9.2.0-rc9", "9.2.0-rc10", "9.2.0", "9.2.1", "9.2.2-rc.2", "9.2.2", "9.2.3-rc.1", "9.3.0-rc.1", "9.3.0-rc.2", "9.3.0-rc.3", "9.3.0-rc.4", "9.3.0-rc.5", "9.3.0-rc.6", "9.3.0-rc.7", "9.3.0", "9.4.0-rc.1", "9.4.0-rc.2", "9.4.0", "9.4.2-rc.1", "10.0.0-rc.1", "10.0.0-rc.2", "10.0.0-rc.3", "10.0.0-rc.4", "10.0.0", "10.0.1-rc.1", "10.0.1-rc.2", "10.0.1-rc.3", "9.4.2-rc.2", "10.0.1-rc.4", "10.0.1-rc.5", "10.0.1", "10.0.2-rc.1", "10.0.2", "10.0.3-alpha.1", "9.4.2", "9.4.3", "10.1.0-rc.1", "10.1.0", "10.2.0-rc.1", "10.2.0-rc.2", "10.2.0-rc.3", "10.2.0-rc.4", "10.2.0", "10.2.1-rc.1", "10.2.1", "10.2.2", "10.2.3-rc.1", "10.2.3", "10.2.4-rc.1", "10.2.4", "10.3.0-rc.1", "10.3.0", "10.3.1", "10.4.0", "10.5.0-alpha.1", "10.5.0-rc.1", "10.5.0-rc.3", "10.5.0", "10.5.1", "10.6.0", "10.6.1", "10.6.2-rc.1", "10.6.2-rc.2", "10.6.2-rc.3", "10.7.0", "10.8.0", "10.9.0-rc.1", "10.9.0-rc.2", "10.9.0", "10.9.1", "10.9.2"]
Secure versions:
[11.0.0-alpha.1, 11.0.0-alpha.2, 11.0.0-alpha.3, 11.0.0-alpha.4, 11.0.0-alpha.5, 11.0.0-alpha.6, 11.0.0-alpha.7, 11.0.0, 11.0.1, 11.0.2, 11.1.0, 11.1.1, 11.2.0, 11.2.1, 11.3.0, 10.9.3, 11.4.0]
Recommendation:
Update to version 11.4.0.
235 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 11.4.0 | MIT | 2024-10-30 - 15:43 | 15 days | |
| 11.3.0 | MIT | 2024-10-03 - 14:43 | about 1 month | |
| 11.2.1 | MIT | 2024-09-16 - 16:41 | about 2 months | |
| 11.2.0 | MIT | 2024-09-09 - 13:23 | 2 months | |
| 11.1.1 | MIT | 2024-09-06 - 17:19 | 2 months | |
| 11.1.0 | MIT | 2024-09-02 - 15:18 | 2 months | |
| 11.0.2 | MIT | 2024-08-24 - 07:06 | 3 months | |
| 11.0.1 | MIT | 2024-08-23 - 15:04 | 3 months | |
| 11.0.0 | MIT | 2024-08-23 - 12:12 | 3 months | |
| 11.0.0-alpha.7 | MIT | 2024-03-23 - 13:27 | 8 months | |
| 11.0.0-alpha.6 | MIT | 2023-11-26 - 15:49 | 12 months | |
| 11.0.0-alpha.5 | MIT | 2023-11-24 - 08:39 | 12 months | |
| 11.0.0-alpha.4 | MIT | 2023-08-16 - 05:32 | about 1 year | |
| 11.0.0-alpha.3 | MIT | 2023-08-14 - 03:42 | over 1 year | |
| 11.0.0-alpha.2 | MIT | 2023-08-12 - 16:02 | over 1 year | |
| 11.0.0-alpha.1 | MIT | 2023-08-12 - 10:56 | over 1 year | |
| 10.9.3 | MIT | 2024-10-22 - 08:56 | 23 days | |
| 10.9.2 | MIT | 1 | 2024-10-02 - 10:28 | about 1 month |
| 10.9.1 | MIT | 1 | 2024-05-14 - 10:58 | 6 months |
| 10.9.0 | MIT | 1 | 2024-03-05 - 17:25 | 8 months |
| 10.9.0-rc.2 | MIT | 1 | 2024-02-29 - 03:14 | 9 months |
| 10.9.0-rc.1 | MIT | 1 | 2024-02-27 - 08:51 | 9 months |
| 10.8.0 | MIT | 1 | 2024-02-02 - 10:32 | 10 months |
| 10.7.0 | MIT | 1 | 2024-01-15 - 09:02 | 10 months |
| 10.6.2-rc.3 | MIT | 1 | 2024-01-11 - 04:58 | 10 months |
| 10.6.2-rc.2 | MIT | 1 | 2023-12-04 - 06:52 | 12 months |
| 10.6.2-rc.1 | MIT | 1 | 2023-11-24 - 08:43 | 12 months |
| 10.6.1 | MIT | 1 | 2023-11-06 - 15:05 | about 1 year |
| 10.6.0 | MIT | 1 | 2023-10-25 - 11:29 | about 1 year |
| 10.5.1 | MIT | 1 | 2023-10-20 - 12:29 | about 1 year |
| 10.5.0 | MIT | 1 | 2023-10-02 - 08:02 | about 1 year |
| 10.5.0-rc.3 | MIT | 1 | 2023-10-02 - 07:50 | about 1 year |
| 10.5.0-rc.1 | MIT | 1 | 2023-09-14 - 08:38 | about 1 year |
| 10.5.0-alpha.1 | MIT | 1 | 2023-09-07 - 07:23 | about 1 year |
| 10.4.0 | MIT | 1 | 2023-08-25 - 12:21 | about 1 year |
| 10.3.1 | MIT | 1 | 2023-08-11 - 12:22 | over 1 year |
| 10.3.0 | MIT | 1 | 2023-07-26 - 07:47 | over 1 year |
| 10.3.0-rc.1 | MIT | 1 | 2023-07-26 - 06:07 | over 1 year |
| 10.2.4 | MIT | 1 | 2023-06-30 - 11:14 | over 1 year |
| 10.2.4-rc.1 | MIT | 1 | 2023-06-30 - 10:57 | over 1 year |
| 10.2.3 | MIT | 1 | 2023-06-08 - 14:27 | over 1 year |
| 10.2.3-rc.1 | MIT | 1 | 2023-06-08 - 14:21 | over 1 year |
| 10.2.2 | MIT | 1 | 2023-06-02 - 08:03 | over 1 year |
| 10.2.1 | MIT | 1 | 2023-06-01 - 11:11 | over 1 year |
| 10.2.1-rc.1 | MIT | 1 | 2023-06-01 - 09:22 | over 1 year |
| 10.2.0 | MIT | 1 | 2023-05-24 - 17:13 | over 1 year |
| 10.2.0-rc.4 | MIT | 1 | 2023-05-24 - 16:25 | over 1 year |
| 10.2.0-rc.3 | MIT | 1 | 2023-05-09 - 04:46 | over 1 year |
| 10.2.0-rc.2 | MIT | 1 | 2023-04-23 - 19:05 | over 1 year |
| 10.2.0-rc.1 | MIT | 1 | 2023-04-23 - 18:52 | over 1 year |
| 10.1.0 | MIT | 1 | 2023-04-04 - 13:17 | over 1 year |
| 10.1.0-rc.1 | MIT | 1 | 2023-04-03 - 12:46 | over 1 year |
| 10.0.3-alpha.1 | MIT | 1 | 2023-03-07 - 03:54 | over 1 year |
| 10.0.2 | MIT | 1 | 2023-03-02 - 12:45 | over 1 year |
| 10.0.2-rc.1 | MIT | 1 | 2023-03-01 - 17:45 | over 1 year |
| 10.0.1 | MIT | 1 | 2023-03-01 - 13:17 | over 1 year |
| 10.0.1-rc.5 | MIT | 1 | 2023-03-01 - 12:55 | over 1 year |
| 10.0.1-rc.4 | MIT | 1 | 2023-03-01 - 08:33 | over 1 year |
| 10.0.1-rc.3 | MIT | 1 | 2023-02-28 - 14:34 | over 1 year |
| 10.0.1-rc.2 | MIT | 1 | 2023-02-24 - 14:16 | over 1 year |
| 10.0.1-rc.1 | MIT | 1 | 2023-02-24 - 12:57 | over 1 year |
| 10.0.0 | MIT | 1 | 2023-02-21 - 09:21 | over 1 year |
| 10.0.0-rc.4 | MIT | 1 | 2023-02-19 - 17:01 | over 1 year |
| 10.0.0-rc.3 | MIT | 1 | 2023-02-19 - 14:36 | over 1 year |
| 10.0.0-rc.2 | MIT | 1 | 2023-02-19 - 13:05 | over 1 year |
| 10.0.0-rc.1 | MIT | 1 | 2023-02-19 - 08:41 | over 1 year |
| 9.4.3 | MIT | 1 | 2023-03-07 - 18:40 | over 1 year |
| 9.4.2 | MIT | 1 | 2023-03-07 - 15:50 | over 1 year |
| 9.4.2-rc.2 | MIT | 1 | 2023-02-28 - 16:21 | over 1 year |
| 9.4.2-rc.1 | MIT | 1 | 2023-02-18 - 18:20 | over 1 year |
| 9.4.0 | MIT | 1 | 2023-02-15 - 15:18 | over 1 year |
| 9.4.0-rc.2 | MIT | 1 | 2023-02-10 - 10:12 | almost 2 years |
| 9.4.0-rc.1 | MIT | 1 | 2023-01-30 - 09:18 | almost 2 years |
| 9.3.0 | MIT | 1 | 2022-12-15 - 09:19 | almost 2 years |
| 9.3.0-rc.7 | MIT | 1 | 2022-12-15 - 03:43 | almost 2 years |
| 9.3.0-rc.6 | MIT | 1 | 2022-12-14 - 04:16 | almost 2 years |
| 9.3.0-rc.5 | MIT | 1 | 2022-12-13 - 08:13 | almost 2 years |
| 9.3.0-rc.4 | MIT | 1 | 2022-12-12 - 19:09 | almost 2 years |
| 9.3.0-rc.3 | MIT | 1 | 2022-12-12 - 18:54 | almost 2 years |
| 9.3.0-rc.2 | MIT | 1 | 2022-12-12 - 18:26 | almost 2 years |
| 9.3.0-rc.1 | MIT | 1 | 2022-12-08 - 14:12 | almost 2 years |
| 9.2.3-rc.1 | MIT | 1 | 2022-11-16 - 07:45 | almost 2 years |
| 9.2.2 | MIT | 1 | 2022-11-09 - 15:21 | about 2 years |
| 9.2.2-rc.2 | MIT | 1 | 2022-11-09 - 09:30 | about 2 years |
| 9.2.1 | MIT | 1 | 2022-11-08 - 15:48 | about 2 years |
| 9.2.0 | MIT | 1 | 2022-11-01 - 14:15 | about 2 years |
| 9.2.0-rc10 | MIT | 1 | 2022-10-28 - 07:49 | about 2 years |
| 9.2.0-rc9 | MIT | 1 | 2022-10-24 - 08:33 | about 2 years |
| 9.2.0-rc8 | MIT | 1 | 2022-10-20 - 04:54 | about 2 years |
| 9.2.0-rc7 | MIT | 1 | 2022-10-19 - 06:03 | about 2 years |
| 9.2.0-rc6 | MIT | 1 | 2022-10-14 - 13:24 | about 2 years |
| 9.2.0-rc5 | MIT | 1 | 2022-10-12 - 07:38 | about 2 years |
| 9.2.0-rc4 | MIT | 1 | 2022-10-11 - 09:24 | about 2 years |
| 9.2.0-rc3 | MIT | 1 | 2022-10-11 - 07:30 | about 2 years |
| 9.2.0-rc2 | MIT | 1 | 2022-09-28 - 11:04 | about 2 years |
| 9.2.0-rc1 | MIT | 1 | 2022-09-09 - 13:15 | about 2 years |
| 9.1.7 | MIT | 1 | 2022-09-13 - 17:50 | about 2 years |
| 9.1.6 | MIT | 1 | 2022-08-18 - 18:41 | about 2 years |
| 9.1.5 | MIT | 1 | 2022-08-11 - 18:31 | over 2 years |
| 9.1.4 | MIT | 1 | 2022-08-04 - 18:35 | over 2 years |