181 matches found
Code injection
The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution because it uses a markdown parser in an unsafe way, so that any JavaScript code inside the markdown input files gets evaluated and executed...
CVE-2022-0748
CVE-2022-0748 affects the post-loader package (Webpack loader for Markdown blog posts). The root cause is unsafe handling of a Markdown parser which allows JavaScript in Markdown inputs to be evaluated and executed, enabling arbitrary code execution. Affected versions are 0.0.0 and later. Public ...
CVE-2022-0748 Arbitrary Code Execution
The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution because it uses a markdown parser in an unsafe way, so that any JavaScript code inside the markdown input files gets evaluated and executed...
CVE-2022-0748
The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution because it uses a markdown parser in an unsafe way, so that any JavaScript code inside the markdown input files gets evaluated and executed...
post-loader cross-site scripting vulnerability
post-loader is a Webpack loader from EGOIST, an individual developer in China. It is used to write blog posts in Markdown. A cross-site scripting vulnerability exists in post-loader, which stems from the use of the markdown parser in an insecure manner, so that any JavaScript code in a markdown input fi...
PT-2022-13408 · Unknown · Post-Loader
Name of the Vulnerable Software and Affected Versions: post-loader versions 0.0.0 and later
Description: The issue concerns the post-loader package, which is a webpack loader for blog posts written in Markdown. It is vulnerable to Arbitrary Code Execution due to the use of a markdown parser in an...
The vulnerability of the md_analyze_line function (md4c.c) in the MD4C parser, which relates to the use of an uninitialized resource, allows a hacker to cause a service failure.
The vulnerability of the md_analyze_line function in the MD4C parser is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
DEBIAN-CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
UBUNTU-CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21681
CVE-2022-21681 affects the Marked markdown parser. The vulnerability is caused by the regular expression inline.reflinkSearch, which may cause catastrophic backtracking and a denial of service when processing untrusted Markdown. Affected versions are prior to 4.0.10. The issue is patched in 4.0.1...
marked security vulnerability
marked is a Markdown parser and compiler written in JavaScript. marked has a security vulnerability that can be exploited by attackers to cause a regular expression denial of service (ReDoS)...
CVE-2022-21680 Cubic catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
CVE-2022-21680
CVE-2022-21680 affects the Node.js Marked markdown parser. Prior to 4.0.10, regex block.def can cause catastrophic backtracking leading to ReDoS when processing untrusted markdown; patch is 4.0.10. Workarounds include running Marked in a worker thread with a reasonable time limit or avoiding untr...
CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...