Description
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
Remediation
References
https://github.com/jonschlinkert/remarkable/issues/227
https://nodesecurity.io/advisories/319
Related Vulnerabilities
CVE-2023-45134 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-44684 Vulnerability in npm package github-todos
CVE-2021-21346 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2017-18354 Vulnerability in npm package rendertron-middleware
CVE-2023-46502 Vulnerability in maven package org.opencrx:opencrx-core