CVE-2024-21535:
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
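One way to guard URL-bearing attributes such as `src` in rendered markdown is a scheme allowlist applied to the final attribute value. The following is an added example, not markdown-to-jsx's own code or its actual fix; `isSafeUrl`, `sanitizeProps` and the `base.invalid` placeholder are names assumed here for illustration.

```javascript
// Added example (not markdown-to-jsx code): scheme allowlist for URL attributes.
// Assumption: props is a plain object of attributes about to be rendered.
const SAFE_SCHEMES = new Set(["http:", "https:"]);
const URL_ATTRS = new Set(["src", "href"]);
// Placeholder base so relative URLs can be parsed; it is never fetched.
const BASE = "https://base.invalid/";

// True when the value resolves to an allowed scheme. The WHATWG URL parser
// lowercases the scheme, trims leading/trailing control characters and spaces,
// and drops embedded tabs/newlines, so obfuscated schemes are seen as the
// browser would see them. Run this on the exact string that will reach the DOM.
function isSafeUrl(value) {
  if (typeof value !== "string") return false;
  let parsed;
  try {
    parsed = new URL(value, BASE);
  } catch {
    return false; // unparseable values are rejected, not passed through
  }
  return SAFE_SCHEMES.has(parsed.protocol);
}

// Returns a copy of props with unsafe URL attributes removed.
function sanitizeProps(props) {
  const out = {};
  for (const [name, value] of Object.entries(props)) {
    if (URL_ATTRS.has(name.toLowerCase()) && !isSafeUrl(value)) continue;
    out[name] = value;
  }
  return out;
}

// Constructed sample attribute values, for demonstration only.
const samples = [
  "https://example.com/embed/1",
  "/local/embed",
  "javascript:void(0)",
  " JaVa\tScRiPt:void(0)",
  "data:text/html,x",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", isSafeUrl(s) ? "keep" : "drop");
}
```
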
Migration status for node-markdown-to-jsx (7.2.0+dfsg-2 to 7.2.0+dfsg-3): Waiting for test results or another package, or too young (no action required now - check later)