jonschlinkert/remarkable

GitHub

github.com

jonschlinkert.github.io

Releases22

Frequency3 months 6 days

Last Release about 6 years ago

Stars5.83K

Markdown parser, done right. Commonmark support, extensions, syntax plugins, high speed - all in one. Gulp and metalsmith plugins available. Used by Facebook, Docusaurus and many others! Use https://github.com/breakdance/breakdance for HTML-to-markdown conversion. Use https://github.com/jonschlinkert/markdown-toc to generate a table of contents.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-12043 ↗	May 13, 2019Monday, 13 May 2019, 14:29	—	4.3 MEDIUM
In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.
CVE-2019-12041 ↗	May 13, 2019Monday, 13 May 2019, 13:29	7.5 HIGH	5 MEDIUM
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.
CVE-2017-16006 ↗	Jun 4, 2018Monday, 4 June 2018, 19:29	—	4.3 MEDIUM
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
CVE-2014-10065 ↗	May 31, 2018Thursday, 31 May 2018, 20:29	—	4.3 MEDIUM
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.