{"url":"http://public2.vulnerablecode.io/api/packages/6511?format=json","purl":"pkg:npm/marked@0.3.0","type":"npm","namespace":"","name":"marked","version":"0.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.3.1","latest_non_vulnerable_version":"4.0.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30516?format=json","vulnerability_id":"VCID-3hp9-cv2c-r7gc","summary":"Multiple Content Injection Vulnerabilities\nMarked comes with an option to sanitize user output to help protect against content injection attacks.\n\n```sanitize: true```\n\nEven if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser.\n\nInjection is possible in two locations\n\n- gfm codeblocks (language)\n- javascript url's","references":[{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json","reference_id":"22","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6512?format=json","purl":"pkg:npm/marked@0.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/marked@0.3.1"}],"aliases":["CVE-2014-3743"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hp9-cv2c-r7gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30483?format=json","vulnerability_id":"VCID-xdzq-65a6-67h5","summary":"Multiple Content Injection Vulnerabilities\nMarked comes with an option to sanitize user output to help protect against content injection attacks.\n\n```sanitize: true```\n\nEven if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser.\n\nInjection is possible in two locations\n\n- gfm codeblocks (language)\n- javascript url's","references":[{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json","reference_id":"22","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6512?format=json","purl":"pkg:npm/marked@0.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/marked@0.3.1"}],"aliases":["CVE-2014-1850"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdzq-65a6-67h5"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/marked@0.3.0"}