11 matches found

CNNVD
added 2022/03/27 12:0 a.m. | views: 1

Marky Injection Vulnerability

Marky is a Markdown editor by Alessandro Arnodo, a Swiss individual developer. Marky suffers from an injection vulnerability that allows an attacker to execute arbitrary code by injecting a carefully crafted attack payload...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.02235
Exploits: 0 | References: 2
OSV
added 2020/09/03 3:45 p.m. | views: 13

GHSA-PXMP-FWJC-4X7Q HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This Recommendatio...

AI score: 7.2
Exploits: 0 | References: 2
GitHub Security Blog
added 2020/09/03 3:45 p.m. | views: 14

HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This Recommendatio...

AI score: 3.2
Exploits: 0 | References: 2 | Affected Software: 1
vulnersOsv
added 2020/09/03 3:45 p.m. | views: 1

@clue/webpack-polyfills-plugin (=0.0.9), @helpdotcom/help-gen (=1.0.0) +39 more potentially affected by unknown CVE via marky-markdown (>=11.3.2 <=9.0.3)

marky-markdown NPM version =11.3.2, =0.0.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.7.3-alpha, =0.1.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.34, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PXMP-FWJC-4X7Q...

AI score: 5.8
Exploits: 0
OSV
added 2020/09/03 3:45 p.m. | views: 9

GHSA-MG69-6J3M-JVGW HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation: This package is no longer maintained. Please upgrade to...

CVSS: 7.3 | AI score: 6.9
Exploits: 0 | References: 3
GitHub Security Blog
added 2020/09/03 3:45 p.m. | views: 16

HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation: This package is no longer maintained. Please upgrade to...

AI score: 3.8
Exploits: 0 | References: 4 | Affected Software: 1
vulnersOsv
added 2020/09/03 3:45 p.m. | views: 1

@clue/webpack-polyfills-plugin (=0.0.9), @helpdotcom/help-gen (=1.0.0) +39 more potentially affected by unknown CVE via marky-markdown (>=11.3.2 <=9.0.3)

marky-markdown NPM version =11.3.2, =0.0.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.7.3-alpha, =0.1.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.34, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-MG69-6J3M-JVGW...

AI score: 5.8
Exploits: 0
Veracode
added 2020/02/18 1:17 a.m. | views: 10

HTML Injection

marky-markdown is vulnerable to HTML Injection. The vulnerability exists because it improperly validates the style attribute in the img tag, allowing an attacker to pass a malicious value...

AI score: 2.7
Exploits: 0
Veracode
added 2020/02/17 1:40 a.m. | views: 13

HTML Injection

marky-markdown is vulnerable to HTML Injection. The vulnerability exists as it improperly validates youtube.com as the source value of the iframes. An attacker is able to pass in a value such as youtube.com.evil.com and bypass the validation...

AI score: 1.8
Exploits: 0
Node.js
added 2020/02/14 10:15 p.m. | views: 10

HTML Injection

Overview: All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This...

AI score: 7.2
Exploits: 0 | Affected Software: 1
Node.js
added 2020/02/14 10:11 p.m. | views: 12

HTML Injection

Overview: All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation: This package is no longer maintained. Please upgra...

AI score: 6.7
Exploits: 0 | Affected Software: 1