CVE-2014-1850: Marked multiple content injection vulnerabilities

January 31, 2014

Marked ships with an option, sanitize: true, that is intended to strip raw HTML from the rendered output and so protect against content injection. Even with this option set, marked up to and including 0.3.0 is vulnerable to content injection when untrusted Markdown is passed to marked and the resulting HTML is delivered to the browser. Injection is possible in two locations:

  • GFM fenced code blocks: the language identifier after the opening fence is written into the class attribute of the code element without escaping, so a double quote in the identifier breaks out of the attribute and lets the input add further attributes (for example event handlers) to the element.
  • Links: javascript: URLs in link targets are not rejected, so a link in the untrusted input runs script in the reader's browser when clicked.
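
The following is an added example, not marked's own code and not part of the advisory. It is a miniature renderer that reproduces the two injection points described above beside hardened versions: the code block renderer escapes the language identifier before placing it in the class attribute, and the link renderer normalizes the URL (HTML entities, percent-encoding, control characters) and then checks the scheme against an allowlist, so that obfuscated forms such as java&#115;cript: or java%73cript: are caught as well as the plain javascript: case. The helper names, the lang- class prefix, the allowlist contents and the payloads are assumptions made for this example.

```javascript
// Added example: vulnerable and hardened renderers for the two injection points
// in CVE-2014-1850. This is not marked's source; names and details are illustrative.

// Escape text for an HTML text node; with encodeQuotes=true, also for an attribute value.
function escapeHtml(text, encodeQuotes = false) {
  let out = String(text).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
  if (encodeQuotes) out = out.replace(/"/g, '&quot;').replace(/'/g, '&#39;');
  return out;
}

// Injection point 1: the fenced-code language identifier is interpolated into an
// attribute. Vulnerable form concatenates it raw.
function renderCodeBlockVulnerable(lang, code) {
  return '<pre><code class="lang-' + lang + '">' + escapeHtml(code) + '</code></pre>';
}

// Hardened form: the identifier is attribute-escaped, so a quote cannot end the attribute.
function renderCodeBlockFixed(lang, code) {
  return '<pre><code class="lang-' + escapeHtml(lang, true) + '">' + escapeHtml(code) + '</code></pre>';
}

// Decode numeric and a few named HTML entities, since browsers decode them in href
// attributes before interpreting the URL.
function decodeEntities(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", colon: ':' };
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);?/gi, (m, body) => {
    if (body[0] === '#') {
      const code = body[1].toLowerCase() === 'x' ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isNaN(code) || code > 0x10ffff ? m : String.fromCodePoint(code);
    }
    const v = named[body.toLowerCase()];
    return v === undefined ? m : v;
  });
}

// Allowlist of URL schemes this example accepts (an assumption of the example).
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Normalize the way a browser would, then accept only relative URLs or allowlisted schemes.
function isSafeHref(href) {
  let normalized;
  try {
    normalized = decodeURIComponent(decodeEntities(String(href)));
  } catch (e) {
    return false; // malformed percent-encoding: refuse rather than guess
  }
  // Browsers ignore ASCII whitespace and control characters inside a scheme ("java\tscript:").
  normalized = normalized.replace(/[\u0000-\u0020\u007f-\u009f]/g, '').toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(normalized);
  if (!m) return true; // no scheme at all: relative URL
  return ALLOWED_SCHEMES.has(m[1]);
}

// Injection point 2: vulnerable form emits whatever target the Markdown supplied.
function renderLinkVulnerable(href, text) {
  return '<a href="' + href + '">' + text + '</a>';
}

// Hardened form: unsafe targets are dropped and only the link text survives.
function renderLinkFixed(href, text) {
  if (!isSafeHref(href)) return escapeHtml(text);
  return '<a href="' + escapeHtml(href, true) + '">' + escapeHtml(text) + '</a>';
}

// Constructed payloads (not taken from the advisory) exercising both injection points.
const LANG_PAYLOAD = 'js" onmouseover="alert(1)';
const HREF_PAYLOADS = [
  'javascript:alert(1)',
  'JaVaScRiPt:alert(1)',
  'java&#115;cript:alert(1)',
  'java%73cript:alert(1)',
  'https://example.com/page?a=1&b=2',
];

console.log(renderCodeBlockVulnerable(LANG_PAYLOAD, 'x'));
console.log(renderCodeBlockFixed(LANG_PAYLOAD, 'x'));
for (const href of HREF_PAYLOADS) {
  console.log(href, '->', renderLinkVulnerable(href, 'link'), '|', renderLinkFixed(href, 'link'));
}
```

Running the block shows the vulnerable code block renderer emitting a live onmouseover attribute and the vulnerable link renderer passing every javascript: variant through, while the hardened versions neutralize all of them and leave the ordinary https URL untouched. An allowlist is used deliberately: a denylist of javascript: alone misses other script-capable schemes and every encoding trick the normalization step has to undo.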


Affected versions

All versions up to and including 0.3.0

Fixed versions

  • 0.3.1

Solution

Upgrade to version 0.3.1 or later. Treat marked's sanitize option as defence in depth only: HTML rendered from untrusted Markdown should still be passed through a dedicated HTML sanitizer (for example DOMPurify) before it is inserted into the DOM.

Source file

npm/marked/CVE-2014-1850.yml



Page generated Wed, 14 May 2025 12:15:23 +0000.