WS-2015-0049 (Medium) detected in marked-0.3.19.js - autoclosed

[mend-for-github-com[bot]]

WS-2015-0049 - Medium Severity Vulnerability

Vulnerable Library - marked-0.3.19.js

A markdown parser built for speed

Library home page: https://cdnjs.cloudflare.com/ajax/libs/marked/0.3.19/marked.js

Path to dependency file: /tmp/ws-scm/doccano/app/server/static/node_modules/marked/www/demo.html

Path to vulnerable library: /doccano/app/server/static/node_modules/marked/www/../lib/marked.js

Dependency Hierarchy: - :x: **marked-0.3.19.js** (Vulnerable Library)

Vulnerability Details

Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even when sanitize:true is set.

Publish Date: 2019-03-17

URL: WS-2015-0049

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/24/versions

Release Date: 2019-03-17

Fix Resolution: 0.3.3

[mend-for-github-com[bot]]

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #18