204 matches found
CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
DEBIAN-CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
UBUNTU-CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
Code injection
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
CVE-2022-21670 Uncontrolled Resource Consumption in markdown-it
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
CVE-2022-21670
CVE-2022-21670 affects the markdown-it Markdown parser. The vulnerability arises from handling of special patterns with length over 50,000 characters, which can cause significant slowdown (denial of service) in affected versions. The issue is addressed by upgrading to version 12.3.2; there are n...
CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
Markdown-It Resource Management Error Vulnerability
Markdown-It is a Markdown parser. A security vulnerability exists in Markdown-It. Prior to version 1.3.2, special patterns greater than 50,000 characters in length significantly slowed down the parser. Users should upgrade to version 12.3.2 ...
PT-2022-15024 · Unknown · Markdown-It
Name of the Vulnerable Software and Affected Versions: markdown-it versions prior to 12.3.2. Description: The issue concerns a Markdown parser that can be significantly slowed down by special patterns with lengths greater than 50 thousand characters. There are no known real-world incidents or...
Cross-site Scripting (XSS)
Overview: markdown-it-toc adds syntax for an automatically generated table of contents to the markdown-it Markdown parser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The title of the generated toc and the contents of the header are not escaped. PoC // XSS from...
@halo-dev/markdown-renderer (>=1.0.0-alpha.11 <=1.0.0-alpha.50), @jx3box/jx3box-bmap (>=0.0.1 <=0.1.15) +119 more potentially affected by CVE-2020-28455 via markdown-it-toc (=1.1.0)
markdown-it-toc NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on markdown-it-toc and may be impacted: - @halo-dev/markdown-renderer =1.0.0-alpha.11, =0.0.1, =1.8.9, =5.4.2, =1.0.3, =0.0.1, =0.1.5, =0.1.0, =0.0.1, =0.1.1, =1.0.6, =0.0....
@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)
markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: SNYK:JS-MARKDOWNITDECORATE-1044068...
Cross-site Scripting (XSS)
Overview: markdown-it-decorate adds classes, identifiers and attributes to your markdown with HTML comments. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can add an event handler or use javascript:xxx for the link. PoC const md = require'markdown-it...
Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability
Valeriangalliat Markdown It Highlightjs is a JS code base for web page Markdown highlighting by the individual developer Valeriangalliat. A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
Code injection
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
@boyuai/fe-base (>=0.37.0 <=0.42.6), @boyuai/markdown (>=0.1.0 <=0.6.0) +29 more potentially affected by unknown CVE via markdown-it-texmath (>=0.4.7 <=0.8.0)
markdown-it-texmath NPM version =0.4.7, =0.37.0, =0.1.0, =0.1.1, =0.2.1, =0.0.1, =0.0.7, =1.0.0, =2.15.3-alpha.0, =1.1.0, =0.1.0, =0.1.0, =0.6.0, =1.3.5 - @navanjr/vuetify-markdown-editor =1.0.0 - @suehok/vuetify-markdown-editor =3.3.4 and more Source cves: unknown CVE Source advisory:...
Cross-site Scripting (XSS)
Overview: markdown-it-texmath adds TeX math equations to your Markdown documents rendered by the markdown-it parser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Within texmath.js, it is possible to bypass the current validation and inject JavaScript within ma...
CVE-2020-7773 Cross-site Scripting (XSS)
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...