Multiple Content Injection Vulnerabilities in marked
Moderate severity • GitHub Reviewed
Published Aug 31, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023
Reviewed Aug 31, 2020
Description
Versions 0.3.0 and earlier of marked are affected by two cross-site scripting vulnerabilities, even when sanitize: true is set.
The attack vectors for this vulnerability are GFM Codeblocks and JavaScript URLs.
Recommendation
Upgrade to version 0.3.1 or later.
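One way to check a project against the affected range above, as an added example that is not part of the advisory or the marked project: it scans a parsed package-lock.json for any copy of marked at 0.3.0 or earlier, including copies pulled in transitively. The sample lockfile and the docs-tool package name are constructed.

```javascript
// Added example: flag marked <= 0.3.0 in a parsed package-lock.json.
const FIXED = [0, 3, 1]; // first fixed release, per the advisory

// Parse "major.minor.patch"; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is below 0.3.1, i.e. 0.3.0 or earlier.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // git URL or tag: cannot decide, review manually
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly 0.3.1
}

// Return [{path, version}] for every affected copy of marked.
function findAffectedMarked(lock) {
  const found = [];
  if (lock.packages) {
    // Lockfile v2/v3: flat keys such as "node_modules/a/node_modules/marked".
    for (const [key, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/marked$/.test(key) && isAffected(info.version)) {
        found.push({ path: key, version: info.version });
      }
    }
    return found;
  }
  // Lockfile v1: nested "dependencies" objects, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === "marked" && isAffected(info.version)) {
        found.push({ path: path.join(" > "), version: info.version });
      }
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return found;
}

// Constructed sample (lockfile v1 shape); "docs-tool" is a hypothetical package.
const SAMPLE_LOCK = { dependencies: {
  marked: { version: "0.3.9" },
  "docs-tool": { version: "1.0.0", dependencies: { marked: { version: "0.3.0" } } },
} };
console.log(findAffectedMarked(SAMPLE_LOCK));
```

A top-level marked that is already fixed does not clear the project: the sample reports the nested 0.3.0 copy bundled under docs-tool.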