Skip to content

CVE-2015-1370 (Medium) detected in marked-0.1.9.tgz - autoclosed #152

Closed
#246
Closed
CVE-2015-1370 (Medium) detected in marked-0.1.9.tgz - autoclosed#152
#246
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource
@mend-bolt-for-github

Description

@mend-bolt-for-github
mend-bolt-for-github
bot
opened on Mar 31, 2021

CVE-2015-1370 - Medium Severity Vulnerability

Vulnerable Library - marked-0.1.9.tgz

A markdown parser built for speed

Library home page: https://registry.npmjs.org/marked/-/marked-0.1.9.tgz

Path to dependency file: node/tools/doc/package.json

Path to vulnerable library: node/tools/doc/node_modules/marked/package.json

Dependency Hierarchy:

  • marked-0.1.9.tgz (Vulnerable Library)

Found in base branch: archived-io.js-v0.10

Vulnerability Details

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

Publish Date: 2015-01-27

URL: CVE-2015-1370

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/marked_vbscript_injection

Release Date: 2015-01-22

Fix Resolution: Update to version 0.3.3 or greater.

Step up your Open Source Security Game with WhiteSource here

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions