WEB APPLICATION VULNERABILITIES Standard & Premium

markdown-it Improper Access Control Vulnerability (CVE-2015-3295)

Description

markdown-it before 4.1.0 does not block data: URLs.

Remediation

References

Related Vulnerabilities

Joomla! Core 2.5.x Denial of Service (2.5.4 - 2.5.25)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.19)

WordPress Plugin Google Forms Unspecified Vulnerability (0.93)

Ruby Numeric Errors Vulnerability (CVE-2008-2662)

Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8)

Severity

Medium

Classification

CVE-2015-3295 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities