[MEDIUM] Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags

PKSA-kfdm-v91n-smy3 CVE-2021-30458 GHSA-5pqx-77vf-85rw

Affected package: wikimedia/parsoid

Affected version: <0.12.2

Reported by:
GitHub, FriendsOfPHP/security-advisories