PT-2021-24405 — Marked Marked

PT-2021-24405 · Marked · Marked

Published

2021-02-25

Updated

2021-02-25

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions: marked versions 0.3.7 and earlier

Description: The issue is related to the handling of HTML character entities in hexadecimal form. Specifically, the software only unescapes lowercase hexadecimal characters, while browsers support both lowercase and uppercase 'x' in hexadecimal form.

Recommendations: For versions 0.3.7 and earlier, update to a version that properly handles both lowercase and uppercase 'x' in hexadecimal form of HTML character entities.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

GHSA-8WP3-CP9V-44FM

Affected Products

Marked