Lucene search

K

GoogleOSV:GHSA-QJ3F-9GMQ-FWV5

HistoryApr 09, 2019 - 7:47 p.m.

Cross-Site Scripting in simple-markdown

2019-04-0919:47:29

Google

osv.dev

10

EPSS

0.001

Percentile

51.0%

Versions of simple-markdown prior to 0.4.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded payload.

Recommendation

Upgrade to version 0.4.4 or later.

References

github.com/advisories/GHSA-qj3f-9gmq-fwv5

github.com/Khan/simple-markdown

github.com/Khan/simple-markdown/pull/63

lists.fedoraproject.org/archives/list/[email protected]/message/JFLP3KJVSV5VWMNEBRXLGRVYFXOV5KOG

lists.fedoraproject.org/archives/list/[email protected]/message/KZG2I7VH7WLSEUQ77KYP5CRAVFT2RK2U

lists.fedoraproject.org/archives/list/[email protected]/message/O5EFW655O3BXZYAPB65XEREXB2DSNSOT

nvd.nist.gov/vuln/detail/CVE-2019-9844

www.npmjs.com/advisories/815

www.npmjs.com/package/simple-markdown/v/0.4.4

EPSS

0.001

Percentile

51.0%

Related for OSV:GHSA-QJ3F-9GMQ-FWV5

nessus3 githubexploit1 fedora3 prion1 cve1 veracode1 github1 openvas2 nodejs1 cvelist1 osv1 nvd1