A vulnerability was found in marked. Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection to inject a URL.

External references:
https://nodesecurity.io/advisories/101

Possible fix:
https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523
Created marked tracking bugs for this issue:

Affects: fedora-all [bug 1328406]
Affects: epel-6 [bug 1328407]
Affects: epel-7 [bug 1328408]
CVE assignment: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.