10 matches found
EUVD-2021-2027
Malware in sbrugna...
CVE-2021-39199
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...
Unsafe defaults in `remark-html`
Impact: The documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. This means arbitrary HTML can be passed through, leading to potential XSS attacks. Patches: The problem has been patched in 13.0.2 and 14.0.1:...
GHSA-9Q5W-79CV-947M Unsafe defaults in `remark-html`
Impact: The documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. This means arbitrary HTML can be passed through, leading to potential XSS attacks. Patches: The problem has been patched in 13.0.2 and 14.0.1:...
@anemone/newline-use-comments (=3.0.0), @artur0prets/parcel-transformer-remark (=0.0.3) +100 more potentially affected by CVE-2021-39199 via remark-html (>=10.0.0 <=13.0.1)
remark-html NPM version =10.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.1, =0.1.1, =1.0.0, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-15, =0.0.2-18 and more Source cves: CVE-2021-39199 Source advisory: OSV:GHSA-9Q5W-79CV-947M...
CVE-2021-39199
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...
CVE-2021-39199
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...
Design/Logic Flaw
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...
CVE-2021-39199 Cross site scripting via unsafe defaults in remark-html
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...
CVE-2021-39199
CVE-2021-39199 concerns the remark-html Node.js library. The root cause is unsafe default behavior: user input could bypass sanitization, allowing arbitrary HTML and potential XSS. The vulnerability is addressed in versions 13.0.2 and 14.0.1 where safe-by-default behavior was implemented, alignin...