CVE-2015-329507.06.2017, 21:29markdown-it before 4.1.0 does not block data: URLs.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST5.3 MEDIUMNETWORKLOWNONECVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 67%VendorProductVersionmarkdown-it_projectmarkdown-it4.0.3𝑥= Vulnerable software versionsDebian ReleasesDebian ProductCodenameruby-rails-assets-markdown-itbullseye8.4.2-5fixedsid8.4.2-6fixedtrixie8.4.2-6fixedbookworm8.4.2-6fixedCommon Weakness EnumerationCWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Referenceshttp://www.openwall.com/lists/oss-security/2015/04/10/10http://www.securityfocus.com/bid/71824https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3http://www.openwall.com/lists/oss-security/2015/04/10/10http://www.securityfocus.com/bid/71824https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3
