Description
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.
Remediation
References
https://nodesecurity.io/advisories/30
https://github.com/jonschlinkert/remarkable/issues/97
Related Vulnerabilities
CVE-2023-49379 Vulnerability in maven package com.jfinal:jfinal
CVE-2021-41165 Vulnerability in npm package ckeditor4
CVE-2014-3488 Vulnerability in maven package io.netty:netty
CVE-2023-34620 Vulnerability in maven package org.hjson:hjson
CVE-2022-23458 Vulnerability in maven package org.webjars.bowergithub.nhn:tui.grid