PT-2018-9595 · Cebe · Cebe Markdown Parser
Ekultek · Published 2018-12-20 · Updated 2024-08-05 · CVE-2018-1000874
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
cebe markdown parser versions 1.2.0 and earlier
Description:
The issue allows a maliciously crafted script to be executed, potentially resulting in the loss of user data and sensitive user information. This can be exploited by crafting a three backtick wrapped payload with a character in front, such as "<script>alert();</script>".
Recommendations:
For cebe markdown parser versions 1.2.0 and earlier, consider sanitizing user input to prevent malicious code execution until a fix is available. As a temporary workaround, restrict the use of the markdown parser for untrusted input to minimize the risk of exploitation.
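One way to apply the sanitizing recommendation is to filter the HTML the parser returns against an allowlist before it reaches the browser, rather than filtering the Markdown source. The following is an added example, not code from this advisory or from cebe/markdown; the function names, the allowlists and the sample string are assumptions made for illustration.

```php
<?php
// Added example, not cebe/markdown code: allowlist filter for rendered HTML.
const ALLOWED_TAGS  = ['p', 'br', 'em', 'strong', 'code', 'pre', 'ul', 'ol',
                       'li', 'blockquote', 'h1', 'h2', 'h3', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];

// Hypothetical helper: remove every node and attribute not explicitly allowed.
function scrub(DOMNode $node): void
{
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }   // text is escaped on output
        if (!($child instanceof DOMElement)
            || !in_array($child->nodeName, ALLOWED_TAGS, true)) {
            $node->removeChild($child);                // script, style, comments, ...
            continue;
        }
        $keep = ALLOWED_ATTRS[$child->nodeName] ?? [];
        foreach (iterator_to_array($child->attributes) as $attr) {
            $ok = in_array($attr->nodeName, $keep, true);
            if ($ok && $attr->nodeName === 'href') {
                // Only plain web, mail, site-relative and fragment links survive.
                $ok = preg_match('~^(https?://|mailto:|/|#)~i', $attr->nodeValue) === 1;
            }
            if (!$ok) {
                $child->removeAttributeNode($attr);    // on* handlers, style, ...
            }
        }
        scrub($child);
    }
}

function sanitize_rendered_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                  // tolerate malformed markup
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" '
        . 'content="text/html; charset=utf-8"></head><body><div>'
        . $html . '</div></body></html>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0); // our wrapper comes first
    scrub($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample standing in for parser output that carries a script tag.
$rendered = '<p>a<script>alert();</script></p><p><a href="javascript:alert()">x</a></p>';
echo sanitize_rendered_html($rendered), "\n";
```

Anything that escapes the wrapper element, for example through a stray closing tag in the input, lands outside the returned fragment and is dropped, so malformed input fails closed.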
Exploit
Fix
XSS
Affected Products
Cebe Markdown Parser