CVE-2017-16006
UNKNOWN
Published 2018-06-04T19:00:00Z
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-16006. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
Affected versions of `remarkable` are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of `data:` URIs in links, and can therefore execute javascript.
## Proof of Concept
```markdown
[link](data:text/html,<script>alert('0')</script>)
```
## Recommendation
Update to v1.7.0 or later
Affected Packages
npm
remarkable
ECOSYSTEM:
≥0
<1.7.0
CVSS Scoring
CVSS Score
7.5
References
Advisory provided by GitHub Security Advisory Database. Published: November 9, 2018, Modified: September 8, 2023
References
Published: 2018-06-04T19:00:00Z
Last Modified: 2024-09-17T03:01:59.476Z
Copied to clipboard!