[markdown-it-katex] Cross-Site Scripting in markdown-it-katex

All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim’s browser by triggering an error.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

References

• https://github.com/waylonflinn/markdown-it-katex/issues/26
• https://www.npmjs.com/advisories/1466
• https://github.com/advisories/GHSA-5ff8-jcf9-fw62