Description
Marked vulnerable to XSS from data URIs
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000427
- https://github.com/advisories/GHSA-7px7-7xjx-hxm8
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S
- https://snyk.io/vuln/npm:marked:20170112
Packages
Name: marked (npm)
Affected versions: < 0.3.7
Fixed version: 0.3.7
Related vulnerabilities
CVSS3: 6.1
ubuntu
about 8 years ago
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
CVSS3: 6.1
nvd
about 8 years ago
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
CVSS3: 6.1
debian
about 8 years ago
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...