CVE-2017-1000427: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
marked is vulnerable to an XSS attack in the data: URI parser.
References
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS/
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S/
- nvd.nist.gov/vuln/detail/CVE-2017-1000427
- snyk.io/vuln/npm:marked:20170112
Detect and mitigate CVE-2017-1000427 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.