Cross-site Scripting (XSS) via Data URIs [SEVERITY: HIGH] #50

pixelass · 2018-02-12T10:08:39Z

https://www.bithound.io/github/sinnerschrader/esdoc-custom-theme/master/dependencies/npm/esdoc-publish-html-plugin#security-advisories

Discovered in a nested dependency:esdoc-publish-html-plugin@1.1.0marked@0.3.6

https://snyk.io/vuln/npm:marked:20170112?utm_source=bithound

Cross-site Scripting (XSS) via Data URIs

Affecting marked package, versions <0.3.7

The text was updated successfully, but these errors were encountered:

andrevenancio · 2018-04-25T13:45:19Z

any updates on this?

pixelass · 2018-04-25T13:57:20Z

@andrevenancio this repo is unmaintained until the owner responds.

Try working with https://github.com/esdoc2

andrevenancio · 2018-04-25T14:22:22Z

ohhh didn't realised nobody was looking after this repo.. what's the diff with esdoc2 ?

pixelass · 2018-04-25T14:53:43Z

esdoc2 is a fork of esdoc. It was created due to the lack of response and amount of open issues.

pixelass changed the title ~~Cross-site Scripting (XSS) via Data URIsSEVERITY: HIGH~~ Cross-site Scripting (XSS) via Data URIs [SEVERITY: HIGH] Feb 12, 2018

This was referenced Feb 12, 2018

dev dependencies #51

Closed

Maintainance status #53

Closed

Update "marked" dependency due to security vulnerability esdoc/esdoc#492

Closed

jan-molak mentioned this issue Feb 20, 2018

Updated 'marked' to address the security issues esdoc/esdoc#503

Merged

pixelass mentioned this issue Apr 25, 2018

Security vulnerability in using marked@0.3.6 #60

Open

pixelass closed this as completed May 2, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cross-site Scripting (XSS) via Data URIs [SEVERITY: HIGH] #50

Cross-site Scripting (XSS) via Data URIs [SEVERITY: HIGH] #50

pixelass commented Feb 12, 2018