Description
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.
Remediation
References
https://github.com/jonschlinkert/remarkable/issues/97
https://nodesecurity.io/advisories/30
Related Vulnerabilities
CVE-2020-7633 Vulnerability in npm package apiconnect-cli-plugins
CVE-2019-6002 Vulnerability in maven package com.linecorp.centraldogma:centraldogma-server
CVE-2015-2913 Vulnerability in maven package com.orientechnologies:orientdb-server
CVE-2017-16198 Vulnerability in npm package ritp
CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core