RSS   Vulnerabilities for 'Markdown-it'   RSS

2022-01-10
 
CVE-2022-21670

CWE-400
 
 
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

 
2017-06-07
 
CVE-2015-3295

 
 
markdown-it before 4.1.0 does not block data: URLs.

 

Copyright 2024, cxsecurity.com

 

Back to Top