GMS-2016-24: Sanitization bypass using HTML Entities
Due to the way that marked parses input, specifically HTML entities, it is possible to bypass marked's content injection protection (sanitize: true) and inject a javascript: URL into a link. The flaw exists because an entity written as &#xNNanything; is decoded only as far as it validly can be, and the remainder is left behind as literal text, so the rendered attribute contains the decoded character followed by just anything;. marked's sanitizer does not decode the href the same way the browser does, so an href that the check does not recognise as a javascript: URL can still become one once the browser decodes the entity.
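The decoder differential described above, as an added example written for this page. It is not marked's code: the strict decoder, the HTML5-style decoder and the scheme check are simplified models of the behaviour the advisory describes, the sample hrefs are constructed, and the "null" placeholder stands in for the advisory's "anything" (it has to begin with a non-hex character, otherwise a browser keeps consuming it as part of the hex number).

```javascript
// Added example for GMS-2016-24, written for this page: it is not marked's
// code. It models the parser differential the advisory describes by running
// the same href through two entity decoders: a strict one, as a sanitizer might
// use, and an HTML5-style one that behaves like a browser.

const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", colon: ":" };

// Map a numeric reference to text the way a browser would (zero, out-of-range
// and surrogate values become U+FFFD instead of throwing).
function codePoint(n) {
  if (n === 0 || n > 0x10ffff || (n >= 0xd800 && n <= 0xdfff)) return "\uFFFD";
  return String.fromCodePoint(n);
}

// Assumed "strict" decoder: a run from '&' to ';' is one entity, and it is
// decoded only if the whole run is well formed. "&#x3Anull;" is not a valid
// hex reference, so the run is left exactly as written.
function naiveUnescape(s) {
  return s.replace(/&([#\w]+);/g, (whole, body) => {
    let m;
    if ((m = /^#x([0-9a-f]+)$/i.exec(body))) return codePoint(parseInt(m[1], 16));
    if ((m = /^#(\d+)$/.exec(body))) return codePoint(parseInt(m[1], 10));
    const name = body.toLowerCase();
    return Object.prototype.hasOwnProperty.call(NAMED, name) ? NAMED[name] : whole;
  });
}

// HTML5-style decoder: a numeric reference ends at the first character that is
// not a digit of its base, with or without ';' (a missing ';' is a parse error,
// but the code point is still emitted), and whatever follows stays literal.
// Named references are only decoded here when ';'-terminated.
function browserUnescape(s) {
  return s.replace(/&#x([0-9a-f]+);?|&#([0-9]+);?|&(\w+);/gi, (whole, hex, dec, name) => {
    if (hex !== undefined) return codePoint(parseInt(hex, 16));
    if (dec !== undefined) return codePoint(parseInt(dec, 10));
    const key = name.toLowerCase();
    return Object.prototype.hasOwnProperty.call(NAMED, key) ? NAMED[key] : whole;
  });
}

// Reduce a decoded href to its scheme-relevant characters: drop everything
// except word characters and ':' so whitespace or punctuation padding cannot
// hide "javascript:". This is the shape of a typical scheme check, assumed
// here; marked's own check is not quoted on this page.
function hasScriptScheme(decoded) {
  const prot = decoded.replace(/[^\w:]/g, "").toLowerCase();
  return prot.startsWith("javascript:") || prot.startsWith("vbscript:");
}

// The vulnerable decision: entity-decode with the strict decoder, percent-decode, check.
function sanitizerBlocks(href) {
  try {
    return hasScriptScheme(decodeURIComponent(naiveUnescape(href)));
  } catch (e) {
    return true; // an href that cannot be percent-decoded is dropped
  }
}

// The hardened decision: decode entities the way the browser will before checking.
function hardenedBlocks(href) {
  try {
    return hasScriptScheme(decodeURIComponent(browserUnescape(href)));
  } catch (e) {
    return true;
  }
}

// Compare the vulnerable sanitizer's decision with what the browser will see.
function analyzeHref(href) {
  const blocked = sanitizerBlocks(href);
  const rendered = browserUnescape(href);
  return { href, blocked, rendered, bypass: !blocked && hasScriptScheme(rendered) };
}

// Constructed inputs. The third follows the "&#xNNanything;" shape from the
// advisory; "anything" must start with a non-hex character (here "null"),
// otherwise a browser would keep consuming it as part of the hex number.
const SAMPLES = [
  "javascript:alert(1)",             // plain scheme: blocked
  "javascript&#x3A;alert(1)",        // well-formed entity: both decoders agree, blocked
  "javascript&#x3Anull;alert(1)",    // strict decoder leaves it, browser decodes &#x3A to ':'
  "https://example.com/?a=1&b=2",    // ordinary URL with a bare '&': allowed, harmless
];

for (const href of SAMPLES) {
  const r = analyzeHref(href);
  console.log(`${r.bypass ? "BYPASS " : "ok     "} ${href} -> browser sees ${r.rendered}`);
}
```

Run it with node. Only the third sample is reported as a bypass: the strict decoder leaves &#x3Anull; untouched, so the check sees no javascript: prefix, while the browser emits ':' for &#x3A and keeps null; as literal text. hardenedBlocks closes the gap by decoding the same way the browser does before the scheme check, which is the general lesson: a sanitizer that decodes entities must follow the HTML5 rules the consumer applies, not a stricter grammar of its own.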