Bug 1110214 (CVE-2014-3743) - CVE-2014-3743 marked: multiple content injection vulnerabilities
Summary: CVE-2014-3743 marked: multiple content injection vulnerabilities
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2014-3743
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1110215 1110216
Blocks:
Reported: 2014-06-17 09:14 UTC by Vasyl Kaigorodov
Modified: 2021-02-17 06:28 UTC

Fixed In Version: marked 0.3.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-18 04:32:18 UTC
Embargoed:



Description Vasyl Kaigorodov 2014-06-17 09:14:00 UTC
Marked comes with an option to sanitize user output to help protect against content injection attacks.

...
sanitize: true
...

Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser.

Injection is possible in two locations:

 - gfm codeblocks (language)
 - javascript URLs

External References:

 https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
 http://www.securityfocus.com/bid/67356
 http://permalink.gmane.org/gmane.comp.security.oss.general/12787
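
A defense-in-depth check for the two locations named in the description, as an added example that is not part of the original report and is not marked's own code. The function names, the scheme allowlist and the `lang-` class prefix are assumptions; the helpers are meant to sit wherever link targets and fence language strings are written into HTML.

```javascript
'use strict';
// Added example, not marked's code; every name below is hypothetical.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);
const NAMED = new Map([['colon', ':'], ['tab', '\t'], ['newline', '\n'], ['amp', '&']]);

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Decode character references so an encoded scheme is judged by the value
// the browser sees once it has parsed the attribute.
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));?/gi, (m, hex, dec, name) => {
    if (name) return NAMED.get(name.toLowerCase()) || m;
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : '\ufffd';
  });
}

// Allow relative URLs and an explicit scheme allowlist; reject everything else.
function isSafeHref(href) {
  const url = decodeEntities(String(href))
    .replace(/^[\u0000-\u0020]+/, '')   // URL parsers drop leading controls and spaces
    .replace(/[\t\n\r]/g, '');          // and ignore tab/newline anywhere in the URL
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (m) return ALLOWED_SCHEMES.has(m[1].toLowerCase());
  return !/^[^\/?#]*:/.test(url);       // malformed "scheme" before any / ? #: fail closed
}

function renderLink(href, text) {
  if (!isSafeHref(href)) return escapeHtml(text);  // drop the link, keep its text
  return `<a href="${escapeHtml(href)}">${escapeHtml(text)}</a>`;
}

// The fence info string is untrusted too: keep its first token and escape it
// before it goes into the class attribute.
function renderCodeBlock(code, lang) {
  const token = String(lang || '').trim().split(/\s+/)[0];
  const cls = token ? ` class="lang-${escapeHtml(token)}"` : '';
  return `<pre><code${cls}>${escapeHtml(code)}</code></pre>\n`;
}
```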

Comment 1 Vasyl Kaigorodov 2014-06-17 09:14:34 UTC
Created marked tracking bugs for this issue:

Affects: fedora-all [bug 1110215]
Affects: epel-6 [bug 1110216]

Comment 2 T.C. Hollingsworth 2014-06-18 04:32:18 UTC
This is already resolved by the 0.3.2 update on 2014-04-19.

