esdoc / esdoc-plugins

MIT License

Cross-site Scripting (XSS) via Data URIs [SEVERITY: HIGH] #50

Closed: pixelass closed 6 years ago

pixelass commented 6 years ago

https://www.bithound.io/github/sinnerschrader/esdoc-custom-theme/master/dependencies/npm/esdoc-publish-html-plugin#security-advisories

Discovered in a nested dependency: esdoc-publish-html-plugin@1.1.0 > marked@0.3.6

https://snyk.io/vuln/npm:marked:20170112?utm_source=bithound

Cross-site Scripting (XSS) via Data URIs

Affecting marked package, versions <0.3.7
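
One way to check a project for the condition reported above, as an added example that is not part of the original issue or of esdoc: it walks an `npm ls --json`-style dependency tree and reports every chain that ends in a marked version below 0.3.7. The sample tree, the `other-renderer` package and the function names are constructed for illustration.

```javascript
// Added example: audit an `npm ls --json`-style tree for marked < 0.3.7.
const FIXED = [0, 3, 7]; // first unaffected version, per the advisory text in this issue

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version a sorts strictly before version b (numeric, not string, compare).
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Depth-first walk; returns each dependency chain that ends in an affected marked.
// A marked entry whose version cannot be parsed is reported too (fail closed).
function findAffectedMarked(node, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const chain = [...trail, `${name}@${dep.version}`];
    const parsed = parseVersion(dep.version);
    if (name === "marked" && (parsed === null || isBefore(parsed, FIXED))) {
      hits.push(chain.join(" > "));
    }
    hits.push(...findAffectedMarked(dep, chain));
  }
  return hits;
}

// Constructed sample tree in the shape `npm ls --json` emits.
const sampleTree = {
  name: "my-docs", // hypothetical project
  version: "1.0.0",
  dependencies: {
    "esdoc-publish-html-plugin": {
      version: "1.1.0",
      dependencies: { marked: { version: "0.3.6" } },
    },
    "other-renderer": { // hypothetical package pinned to the fixed release
      version: "2.0.0",
      dependencies: { marked: { version: "0.3.7" } },
    },
  },
};

console.log(findAffectedMarked(sampleTree));
```
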

andrevenancio commented 6 years ago

any updates on this?

pixelass commented 6 years ago

@andrevenancio this repo is unmaintained until the owner responds.

Try working with https://github.com/esdoc2

andrevenancio commented 6 years ago

ohhh didn't realise nobody was looking after this repo.. what's the diff with esdoc2?

pixelass commented 6 years ago

esdoc2 is a fork of esdoc. It was created due to the lack of response and amount of open issues.