2017/10/GHSA-5726-g6r9-5f22 Potential for Script Injection in syntax-error