Version Details and Security Vulnerabilities

📦

remarkable

0.1.0

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 0.1.0 of the package remarkable.

All Security Vulnerabilities

All the vulnerabilities related to the version 0.1.0 of the package

Summary:

Cross-site Scripting in remarkable

Details:

In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.

Details about remarkable@0.1.0

Summary:

Content Injection in remarkable

Details:

Versions 1.4.0 and earlier of remarkable are affected by a cross-site scripting vulnerability. This occurs because vulnerable versions of remarkable did not properly whitelist link protocols, and consequently allowed javascript: to be used.

Proof of Concept

Markdown Source:

[link](<javascript:alert(1)>)

Rendered HTML:

<a href="javascript:alert(1)">link</a>

Recommendation

Update to version 1.4.1 or later

Details about remarkable@0.1.0

Summary:

XSS in Data URI in remarkable

Details:

Affected versions of remarkable are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data: URIs in links, and can therefore execute javascript.

Proof of Concept

[link](data:text/html,<script>alert('0')</script>)

Recommendation

Update to v1.7.0 or later

Details about remarkable@0.1.0

Summary:

Regular Expression Denial of Service in remarkable

Details:

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.

Details about remarkable@0.1.0

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 0.1.0 of the package remarkable.

All Security Vulnerabilities

All the vulnerabilities related to the version 0.1.0 of the package

Summary:

Cross-site Scripting in remarkable

Details:

In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.

Details about remarkable@0.1.0

Summary:

Content Injection in remarkable

Details:

Proof of Concept

Markdown Source:

[link](<javascript:alert(1)>)

Rendered HTML:

<a href="javascript:alert(1)">link</a>

Recommendation

Update to version 1.4.1 or later

Details about remarkable@0.1.0

Summary:

XSS in Data URI in remarkable

Details:

Affected versions of remarkable are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data: URIs in links, and can therefore execute javascript.

Proof of Concept

[link](data:text/html,<script>alert('0')</script>)

Recommendation

Update to v1.7.0 or later

Details about remarkable@0.1.0

Summary:

Regular Expression Denial of Service in remarkable

Details:

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.

Details about remarkable@0.1.0

Version Details and Security Vulnerabilities

remarkable

Security Vulnerabilities

Version Details and Security Vulnerabilities

remarkable

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Proof of Concept

Recommendation

Proof of Concept

Recommendation

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Proof of Concept

Recommendation

Proof of Concept

Recommendation

Version Details and Security Vulnerabilities

remarkable

Security Vulnerabilities

Version Details and Security Vulnerabilities

remarkable

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

remarkable@0.1.0 GHSA-36m4-6v6m-4vpr 6.1

remarkable@0.1.0 GHSA-f9vc-q3hh-qhfv N/A

Proof of Concept

Recommendation

remarkable@0.1.0 GHSA-mrmf-qwxg-7c3h N/A

Proof of Concept

Recommendation

remarkable@0.1.0 GHSA-q22g-8fr4-qpj4 7.5

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

remarkable@0.1.0 GHSA-36m4-6v6m-4vpr 6.1

remarkable@0.1.0 GHSA-f9vc-q3hh-qhfv N/A

Proof of Concept

Recommendation

remarkable@0.1.0 GHSA-mrmf-qwxg-7c3h N/A

Proof of Concept

Recommendation

remarkable@0.1.0 GHSA-q22g-8fr4-qpj4 7.5