Description
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
Remediation
References
https://nodesecurity.io/advisories/319
https://github.com/jonschlinkert/remarkable/issues/227
Related Vulnerabilities
CVE-2022-36076 Vulnerability in npm package nodebb
CVE-2021-27191 Vulnerability in npm package get-ip-range
CVE-2022-0239 Vulnerability in maven package edu.stanford.nlp:stanford-corenlp
CVE-2017-3202 Vulnerability in maven package com.exadel.flamingo.flex:amf-serializer
CVE-2022-29078 Vulnerability in maven package org.webjars.npm:ejs