Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Highlight.js vulnerability (USN-8276-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8276-1 advisory. It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype...

USN-8276-1: Highlight.js vulnerability

It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour...

EUVD-2020-1472

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-26237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HT...

Regular Expression Denial Of Service (ReDoS)

highlight.js is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through the grammars used by the parser during highlightAuto...