CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds. | 7.5 |
Haute |
||
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | 6.1 |
Moyen |
||
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. | 4.3 |