CVE-2016-10531 Information

Description

marked is an application that parses and compiles Markdown. Because of the way marked 0.3.5 and earlier parses input, specifically HTML entities, it is possible to bypass marked's content injection protection (sanitize: true) and inject a javascript: URL. The flaw exists because a malformed entity such as &xNNanything; is only partially consumed: marked parses the part it can and leaves the remainder behind, so that just anything; survives in the output.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/chjj/marked/pull/592
https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523
https://nodesecurity.io/advisories/101

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
