Medium
CVE-2022-31108
Node.js mermaid module could allow a remote authenticated attacker to obtain sensitive information, caused by an injection flaw. By sending specially-crafted CSS into the generated graph, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Information Disclosure
Node.js
Node.js mermaid 9.1.1
Upgrade to the latest version of mermaid, available from the Mermaid GIT Repository.