| Revision Date: | 2014-05-14 | Version: | 1 | | Title: | CVE-2014-3743 on Ubuntu 16.04 LTS (xenial) - medium. | | Description: | Marked comes with an option to sanitize user output to help protect against content injection attacks. Marked comes with an option to sanitize user output to help protect against content injection attacks. sanitize: true Marked comes with an option to sanitize user output to help protect against content injection attacks. sanitize: true Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Marked comes with an option to sanitize user output to help protect against content injection attacks. sanitize: true Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations Marked comes with an option to sanitize user output to help protect against content injection attacks. sanitize: true Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations * gfm codeblocks (language) * javascript url's
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-3743
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND NOT While related to the CVE in some way, the 'node-marked' package in xenial is not affected (note: '0.3.2+dfsg-1').
|
|