Description
markdown-it before 4.1.0 does not block data: URLs.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7890)
WordPress Plugin Download Plugins and Themes from Dashboard Cross-Site Scripting (1.5.0)
WordPress Plugin Login With Ajax Cross-Site Scripting (3.1.6)
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)