Description
markdown-it before 4.1.0 does not block data: URLs.
Remediation
References
Related Vulnerabilities
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25844)
WordPress Plugin WooCommerce PHP Object Injection (3.1.0)
OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312)
WordPress Plugin Buddypress Xprofile Custom Fields Type Arbitrary File Deletion (2.6.3)