Lookup for vulnerable packages by Package URL.

Purl pkg:npm/marked@0.3.0
Type npm
Namespace
Name marked
Version 0.3.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.3.1
Latest_non_vulnerable_version 4.0.10
Affected_by_vulnerabilities
0
url VCID-3hp9-cv2c-r7gc
vulnerability_id VCID-3hp9-cv2c-r7gc
summary
Multiple Content Injection Vulnerabilities
Marked comes with an option to sanitize user output to help protect against content injection attacks.

```sanitize: true```

Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser.

Injection is possible in two locations:

- GFM code blocks (language)
- javascript: URLs
references
0
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json
reference_id 22
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json
fixed_packages
0
url pkg:npm/marked@0.3.1
purl pkg:npm/marked@0.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/marked@0.3.1
aliases CVE-2014-3743
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hp9-cv2c-r7gc
1
url VCID-xdzq-65a6-67h5
vulnerability_id VCID-xdzq-65a6-67h5
summary
Multiple Content Injection Vulnerabilities
Marked comes with an option to sanitize user output to help protect against content injection attacks.

```sanitize: true```

Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser.

Injection is possible in two locations:

- GFM code blocks (language)
- javascript: URLs
references
0
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json
reference_id 22
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json
fixed_packages
0
url pkg:npm/marked@0.3.1
purl pkg:npm/marked@0.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/marked@0.3.1
aliases CVE-2014-1850
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdzq-65a6-67h5
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/marked@0.3.0