CVE-2017-16006

EPSS 1.0%CWE-79

Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.

Affected products

HackerOne · remarkable node module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/jonschlinkert/remarkable/issues/227 https://nodesecurity.io/advisories/319