181 matches found
CVE-2020-15820
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence...
CVE-2020-15820
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence...
Design/Logic Flaw
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence...
CVE-2020-15820
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence...
CVE-2020-15820
The CVE-2020-15820 issue affects YouTrack (JetBrains) prior to version 2020.2.6881, where the Markdown parser could disclose the existence of a hidden file. The problem is documented in JetBrains’ Q2 2020 security bulletin, which notes that YouTrack was updated to resolve this vulnerability in 20...
Zulip server Markdown parser cross-site scripting vulnerability
Zulip server is an open source team chat application from Zulip Inc.Markdown parser is one of the Markdown markup language parser. A cross-site scripting vulnerability exists in the modallink function of Markdown parser in Zulip Server versions prior to 2.1.3. The vulnerability stems from a lack ...
Cross-site Scripting (XSS)
Overview written is a rich Markdown editor for the web. Note: This package is deprecated EOL Affected versions of this package are vulnerable to Cross-site Scripting XSS. When parsing and converting markdown into HTML, it is possible to inject malicious JavaScript elements that can result in XSS...
CVE-2019-16215
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...
CVE-2019-16215
CVE-2019-16215 affects the Zulip server before 2.0.5. The Markdown parser uses a regular expression vulnerable to exponential backtracking, allowing a logged-in user to craft a message that could cause the server to consume excessive CPU time and stall processing of subsequent messages. The Red H...
CVE-2019-16215
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...
PT-2019-14585 · Zulip · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip server versions prior to 2.0.5 Description: The issue concerns the Markdown parser in the Zulip server, which used a regular expression vulnerable to exponential backtracking. This could allow a logged-in user to send a crafted message,...
Fedora 30 : snapd-glib (2019-b6612c5fe5)
Update to v1.48 - New API : - snapdclientgetconnectionsasync - snapdclientgetconnectionsfinish - snapdclientgetconnectionssync - snapdclientgetinterfaces2async - snapdclientgetinterfaces2finish - snapdclientgetinterfaces2sync - snapdclientgetsnapconfasync - snapdclientgetsnapconffinish -...
Fedora 29 : snapd-glib (2019-bc3dfb389f)
Update to v1.48 - New API : - snapdclientgetconnectionsasync - snapdclientgetconnectionsfinish - snapdclientgetconnectionssync - snapdclientgetinterfaces2async - snapdclientgetinterfaces2finish - snapdclientgetinterfaces2sync - snapdclientgetsnapconfasync - snapdclientgetsnapconffinish -...
Christopher Jeffrey marked Access Control Error Vulnerability
marked is the United States Christopher Jeffrey software developers of a Markdown parser and compiler written in JavaScript . An access control error vulnerability exists in marked. The vulnerability arises from a network system or product that does not properly restrict access to resources from...
[SECURITY] Fedora 30 Update: nodejs-simple-markdown-0.4.4-1.fc30
simple-markdown is a markdown-like parser designed for simplicity and extensibility...
[SECURITY] Fedora 28 Update: php-erusev-parsedown-1.7.1-1.fc28
Markdown parser in PHP. Autoloader: /usr/share/php/erusev/parsedown/autoload.php...
CVE-2018-1000874
DISPUTED PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by...
CVE-2018-1000874
PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...
CVE-2018-1000874
PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...
CVE-2018-1000874
PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...