CVE-2018-1000162: XSS Vulnerability

April 18, 2018 (updated May 21, 2018)

Parsedown contains a Cross Site Scripting (XSS) vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries.

References

github.com/erusev/parsedown/pull/495

Code Behaviors & Features

Detect and mitigate CVE-2018-1000162 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →