View Issue Details

ID: 0025675
Project: mantisbt
Category: security
View Status: public
Last Update: 2024-04-22 12:20
Reporter: dregad
Assigned To: dregad
Priority: high
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 2.12.1
Target Version: 2.20.1
Fixed in Version: 2.20.1
Summary: 0025675: CVE-2019-10905: Update Parsedown library to 1.7.3

Parsedown < 1.7.2 is vulnerable to attacks allowing users to inject arbitrary CSS classes into code blocks. This affects all MantisBT issues where Markdown processing is enabled.

For further details, see

The problem was fixed in Parsedown 1.7.2, but due to a mislabeled release tag, 1.7.3 was released shortly thereafter.

Tags: No tags attached.


related to 0034415 (resolved, dregad): Update Parsedown library to 1.7.4


There are no notes attached to this issue.
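
The issue above puts the fix boundary at Parsedown 1.7.2 and the changeset below touches `composer.lock`, so a deployment can be checked by reading the locked version of `erusev/parsedown`. The following is an added example, not code from MantisBT or Parsedown; the function names are hypothetical and the sample lock files are constructed.

```python
import json
import re

PACKAGE = "erusev/parsedown"
FIXED = (1, 7, 2)  # first fixed release, per the issue description


def parse_version(raw):
    """Return (major, minor, patch), or None for anything that is not a
    plain release number (branch pins, pre-releases) so it gets reviewed."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def audit_lock(lock_text, package=PACKAGE, fixed=FIXED):
    """Return (section, version, verdict) for each locked entry of `package`."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section) or []:
            if entry.get("name", "").lower() != package:
                continue
            raw = entry.get("version", "")
            parsed = parse_version(raw)
            if parsed is None:
                verdict = "unknown"      # branch or commit pin: review by hand
            elif parsed < fixed:
                verdict = "vulnerable"   # older than the fixed release
            else:
                verdict = "fixed"
            findings.append((section, raw, verdict))
    return findings


# Constructed sample lock files (not MantisBT's real composer.lock).
BEFORE = json.dumps({"packages": [
    {"name": "erusev/parsedown", "version": "1.7.1"},
    {"name": "example/other", "version": "2.0.0"}], "packages-dev": []})
AFTER = json.dumps({"packages": [
    {"name": "erusev/parsedown", "version": "1.7.3"}], "packages-dev": None})
BRANCH = json.dumps({"packages": [], "packages-dev": [
    {"name": "erusev/parsedown", "version": "dev-master"}]})

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("branch", BRANCH)):
        print(label, audit_lock(text))
```

An empty result means the package is not locked at all; an `unknown` verdict means the lock pins something other than a plain release number and needs a manual look.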

Related Changesets

MantisBT: dependabot/composer/erusev/parsedown-1.7.3 72e34794

2019-04-02 22:40


Committer: dregad

Bump erusev/parsedown from 1.7.1 to 1.7.3

Bumps [erusev/parsedown]( from 1.7.1 to 1.7.3.
- [Release notes](
- [Commits](

Signed-off-by: dependabot[bot] <>

Fixes 0025675

Signed-off-by: Damien Regad <>
Affected Issues
mod - composer.lock