finos / financial-objects

FINOS Financial Objects Program Documentation
Apache License 2.0

CVE-2019-12043 (Medium) detected in hello-algorithm3c8367b3dbc7e7174d30bfa1a9270b3ab863ff7f #59

Closed mend-for-github-com[bot] closed 3 years ago

mend-for-github-com[bot] commented 3 years ago

CVE-2019-12043 - Medium Severity Vulnerability

Vulnerable Library - hello-algorithm3c8367b3dbc7e7174d30bfa1a9270b3ab863ff7f


Library home page: https://github.com/geekxh/hello-algorithm.git

Found in HEAD commit: 8a85da74af12dda4095dcafaf3ad66599e8d67ba

Vulnerable Source Files (1)

finos-fo/website/node_modules/remarkable/lib/parser_inline.js

Vulnerability Details

In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.

Publish Date: 2019-05-13

URL: CVE-2019-12043

CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
