Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags

PKSA-kfdm-v91n-smy3 CVE-2021-30458

Affected package: wikimedia/parsoid

Affected version: <0.12.2

Reported by:
FriendsOfPHP/security-advisories