5 matches found

Github Security Blog
added 2021/02/25 2:01 a.m., 12 views

Content injection in marked

Versions 0.3.7 and earlier of marked, when mangling is disabled via the mangle option, don't escape the target href. This allows an attacker to inject arbitrary HTML event attributes into the resulting a tag...

AI score: 4.5
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/02/25 2:01 a.m., 4 views

GHSA-WJMF-58VC-XQJR Content injection in marked

Versions 0.3.7 and earlier of marked, when mangling is disabled via the mangle option, don't escape the target href. This allows an attacker to inject arbitrary HTML event attributes into the resulting a tag...

AI score: 7.1
Exploits: 0, References: 2
Github Security Blog
added 2021/02/25 2:01 a.m., 6 views

Cross-Site Scripting in marked

Versions 0.3.7 and earlier of marked unescape only the lowercase x, while browsers support both lowercase and uppercase x in the hexadecimal form of HTML character entities...

AI score: 1.5
Exploits: 0, References: 3, Affected Software: 1
Node.js
added 2021/02/24 2:39 a.m., 97 views

Regular Expression Denial of Service

Overview: In affected versions of marked, a denial-of-service attack can affect anyone who processes user-generated code. Recommendation: Upgrade to version 2.0.0 or later. References: GitHub Advisory, CVE...

CVSS: 5, AI score: 6.1, EPSS: 0.02462
Exploits: 0, Affected Software: 1
OSV
added 2018/07/24 8:10 p.m., 23 views

GHSA-X5PG-88WF-QQ4P Regular Expression Denial of Service in marked

Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation: Update to version 0.3.9 or later...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01758
Exploits: 1, References: 4