CVE-2024-36109 Information
May 29, 2024
Description
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions, the markdown parser allows <script> tags to be included, and these execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Reference
https://github.com/sagemathinc/cocalc/security/advisories/GHSA-8w44-hggw-p5rf
https://github.com/sagemathinc/cocalc/commit/419862a9c9879c