5 matches found
Content injection in marked
Versions 0.3.7 and earlier of marked do not escape the target href when mangling is disabled via the mangle option. This allows an attacker to inject arbitrary HTML event handlers into the resulting a tag...
GHSA-WJMF-58VC-XQJR Content injection in marked
Versions 0.3.7 and earlier of marked do not escape the target href when mangling is disabled via the mangle option. This allows an attacker to inject arbitrary HTML event handlers into the resulting a tag...
Cross-Site Scripting in marked
Versions 0.3.7 and earlier of marked unescape only the lowercase x, while browsers support both lowercase and uppercase x in the hexadecimal form of an HTML character entity...
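The two marked advisories above describe link-rendering bugs: an href that reaches the output a tag unescaped (so an attacker can break out of the attribute and add an event handler), and a scheme check that decodes only the lowercase &#x form of hexadecimal entities even though browsers also accept &#X. The JavaScript below is an added illustration, not marked's own source code; the helper names (unescapeLowerXOnly, unescapeBrowserLike, hrefAllowed, renderLinkNaive, renderLinkHardened) and the sample hrefs are constructed for this page. It shows a naive renderer with both failure modes beside a hardened one that decodes entities the way a browser does before checking the scheme and escapes the attribute value on output.

```javascript
// Added illustration, not marked's source. A naive link renderer that shows
// both failure modes from the advisories, beside a hardened renderer.
// All helper names and inputs here are constructed for the demonstration.

// Decodes only the lowercase "&#x..;" hexadecimal entity form (the bug class:
// "&#X..;" is left untouched even though a browser will decode it).
function unescapeLowerXOnly(s) {
  return s.replace(/&#x([0-9a-f]+);/g, (_, hex) =>
    String.fromCodePoint(parseInt(hex, 16)));
}

// Decodes numeric entities the way a browser does: "&#x" or "&#X", hex digits
// in either case, and the decimal "&#nnn;" form.
function unescapeBrowserLike(s) {
  return s.replace(/&#([xX][0-9a-fA-F]+|[0-9]+);/g, (_, body) => {
    const cp = /^[xX]/.test(body)
      ? parseInt(body.slice(1), 16)
      : parseInt(body, 10);
    return String.fromCodePoint(cp);
  });
}

// Scheme check run after entity decoding: strips everything except word
// characters and ':' (so "java\tscript:" style padding cannot hide the scheme),
// then rejects script-capable schemes. Returns true when the href is allowed.
function hrefAllowed(href, unescape) {
  const decoded = unescape(href).replace(/[^\w:]/g, '').toLowerCase();
  return !/^(javascript|vbscript|data):/.test(decoded);
}

// Escapes the characters that matter inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
          .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Naive renderer: the href goes into the tag verbatim, and the scheme check
// only understands the lowercase hex entity form.
function renderLinkNaive(href, text) {
  if (!hrefAllowed(href, unescapeLowerXOnly)) return escapeAttr(text);
  return `<a href="${href}">${escapeAttr(text)}</a>`;
}

// Hardened renderer: decode like a browser before the scheme check, then
// escape the attribute value on the way out.
function renderLinkHardened(href, text) {
  if (!hrefAllowed(href, unescapeBrowserLike)) return escapeAttr(text);
  return `<a href="${escapeAttr(href)}">${escapeAttr(text)}</a>`;
}

// Constructed inputs for the two bug classes.
// 1. Attribute breakout: a '"' ends the href and an event handler follows it.
const quoteBreakout = 'http://example.com/" onmouseover="alert(1)';
// 2. Uppercase hex entity: decodes to "javascript:alert(1)" in a browser.
const upperHexScheme = '&#X6A;avascript:alert(1)';

console.log('naive    :', renderLinkNaive(quoteBreakout, 'click'));
console.log('hardened :', renderLinkHardened(quoteBreakout, 'click'));
console.log('naive    :', renderLinkNaive(upperHexScheme, 'click'));
console.log('hardened :', renderLinkHardened(upperHexScheme, 'click'));
```

The point of the hardened path is ordering: decode exactly the forms the browser will decode (both cases of x, both cases of hex digits, and decimal) before deciding whether the scheme is acceptable, and only then escape for the attribute context. Checking the raw string first, or decoding only a subset of entity forms, leaves a gap that a browser will close on the attacker's behalf.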
Regular Expression Denial of Service
Overview: In affected versions of marked, a denial of service attack can affect anyone who processes user-generated code. Recommendation: Upgrade to version 2.0.0 or later. References: GitHub Advisory, CVE...
GHSA-X5PG-88WF-QQ4P Regular Expression Denial of Service in marked
Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation: Update to version 0.3.9 or later...