209 matches found
GHSA-4R9G-W48Q-8JWM HyperDown vulnerable to Cross-site Scripting
HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds...
npm hyperdown 跨站脚本漏洞
npm hyperdown is a library from the American company npm. A security vulnerability exists in npm hyperdown, which stems from the fact that the module that parses markdown does not filter the href attribute well...
PT-2022-17566 · Joyqi · Hyper-Down
Name of the Vulnerable Software and Affected Versions: joyqi/hyper-down versions 0.0.0 and later Description: The issue arises from improper validation of the href attribute in the markdown parser module, leading to Cross-site Scripting XSS. There is no information about the estimated number of...
CVE-2022-34749
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS because the module of parse markdown does not filter the href attribute very well. PoC 1 Step 1: load the HyperDownParser module: php $parser = new HyperDownParser; 2 Step 2: add the payload: php $text = "!";...
GHSA-66WW-999Q-MFFQ Arbitrary code execution in post-loader
post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...
CVE-2022-0748
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...
Code injection
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...
CVE-2022-0748 Arbitrary Code Execution
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...
CVE-2022-0748
CVE-2022-0748 affects the post-loader package (Webpack loader for Markdown blog posts). The root cause is unsafe handling of a Markdown parser which allows JavaScript in Markdown inputs to be evaluated and executed, enabling arbitrary code execution. Affected versions are 0.0.0 and later. Public ...
CVE-2022-0748 Arbitrary Code Execution
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...
CVE-2022-0748
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...
post-loader 跨站脚本漏洞
post-loader is a Webpack loader for China EGOIST individual developers. It is used to write blog posts in Markdown. A cross-site scripting vulnerability exists in post-loader, which stems from the use of the markdown parser in an insecure manner, so that any javascript code in a markdown input fi...
PT-2022-13408 · Unknown · Post-Loader
Name of the Vulnerable Software and Affected Versions: post-loader versions 0.0.0 and later Description: The issue concerns the post-loader package, which is a webpack loader for blog posts written in Markdown. It is vulnerable to Arbitrary Code Execution due to the use of a markdown parser in an...
The vulnerability of the md_analyze_line function (md4c.c) in the MD4C parser, which relates to the use of an uninitialized resource, allows a hacker to cause a service failure.
The vulnerability of the mdanalyzeline function in the MD4C parser is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service DoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
DEBIAN-CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service DoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service DoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
UBUNTU-CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...