GMS-2014-25: Content Injection

November 13, 2014

Certain input when passed into remarkable will bypass the bad prototcol check that disallows the javascript: scheme allowing for javascript: url’s to be injected into the rendered content.

References

github.com/jonschlinkert/remarkable/issues/97

Detect and mitigate GMS-2014-25 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →