Marked: Cross-site Scripting (XSS) via Data URIs - snyk notifications
✗ High severity vulnerability found on [email protected]
- desc: Cross-site Scripting (XSS) via Data URIs
- info: https://snyk.io/vuln/npm:marked:20170112
- from: [email protected] > [email protected]
Fix: None available. Consider removing this dependency.
✗ High severity vulnerability found on [email protected]
- desc: Cross-site Scripting (XSS) via Data URIs
- info: https://snyk.io/vuln/npm:marked:20170112
- from: [email protected] > [email protected] > [email protected]
Fix: None available. Consider removing this dependency.
✗ High severity vulnerability found on [email protected]
- desc: Cross-site Scripting (XSS) via Data URIs
- info: https://snyk.io/vuln/npm:marked:20170112
- from: [email protected] > [email protected] > [email protected] > [email protected]
Fix: None available. Consider removing this dependency.
knoxcard
All 6 comments
We are waiting for https://github.com/chjj/marked/pull/844 to be pushed by the maintainer.
matt-
on 6 Mar 2017
I am keeping this one open until the change is pushed, but I wanted to rename the ticket to make it more search friendly.
matt-
on 14 Mar 2017
This seems important enough to cut a new release for. Any reason that isn't being done?
matt-snider
on 12 Apr 2017
@chjj @matt- @paulirish Any word on getting a tag for this fix?
stramel
on 30 May 2017
0.3.7 finally came out, and did include the previous submitted fixes. Unfortunately, there's still one high-severity vulnerability that is supposed to be addressed by the upcoming 0.3.9 release.
the-t-in-rtf
on 8 Dec 2017
Believe 0.3.9 corrects all these issues. Please confirm and comment, if incorrect.
joshbruce
on 25 Dec 2017
Related issues
FireflyAndStars
·
3Comments
priyesh-diukar
·
3Comments
zoe-cjf
·
3Comments
camwiegert
·
4Comments
eGavr
·
4Comments
Most helpful comment
@chjj @matt- @paulirish Any word on getting a tag for this fix?