Description
markdown-it before 4.1.0 does not block data: URLs.
Remediation
References
Related Vulnerabilities
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)
Oracle Database Server CVE-2011-2243 Vulnerability (CVE-2011-2243)
WordPress Plugin DukaPress Multiple Cross-Site Scripting Vulnerabilities (2.5.9)
Ruby Other Vulnerability (CVE-2021-41817)
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)