Remarkable Project Remarkable vulnerabilities
4 known vulnerabilities affecting remarkable_project/remarkable.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2019-12041 | HIGH | CVSS 7.5 | v1.7.1 | 2019-05-13 | CWE-1333
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.
Sources: GHSA, NVD, OSV
CVE-2019-12043 | MEDIUM | CVSS 6.1 | v1.7.1 | 2019-05-13 | CWE-79
In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.
Sources: GHSA, NVD, OSV
CVE-2017-16006 | MEDIUM | CVSS 6.1 | ≤ 1.6.2 | 2018-06-04 | CWE-79
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
Sources: GHSA, NVD, OSV
CVE-2014-10065 | MEDIUM | CVSS 6.1 | fixed in 1.4.1 | 2018-05-31 | CWE-94
Certain input, when passed into remarkable before 1.4.1, will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content.
Sources: GHSA, NVD, OSV