UBUNTU-CVE-2014-3743

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2014-3743

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3743.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-3743

Upstream

CVE-2014-3743

Withdrawn

2025-07-18T16:43:02Z

Published

2020-01-06T20:15:00Z

Modified

2025-07-16T08:11:04.969932Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's. sanitize: true Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations * gfm codeblocks (language) * javascript url's

References

Affected packages

Ubuntu:14.04:LTS / node-marked

Package

Name: node-marked
Purl: pkg:deb/ubuntu/node-marked@0.3.1+dfsg-1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.1+dfsg-1

Affected versions

0.*

0.2.9+dfsg-1

0.3.0+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.3.1+dfsg-1",
            "binary_name": "libjs-marked"
        },
        {
            "binary_version": "0.3.1+dfsg-1",
            "binary_name": "node-marked"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3743.json"

Ubuntu:16.04:LTS / node-marked

Package

Name: node-marked
Purl: pkg:deb/ubuntu/node-marked@0.3.2+dfsg-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.2+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.3.2+dfsg-1",
            "binary_name": "libjs-marked"
        },
        {
            "binary_version": "0.3.2+dfsg-1",
            "binary_name": "node-marked"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3743.json"

Ubuntu:18.04:LTS / node-marked

Package

Name: node-marked
Purl: pkg:deb/ubuntu/node-marked@0.3.9+dfsg-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.9+dfsg-1

Affected versions

0.*

0.3.6+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.3.9+dfsg-1",
            "binary_name": "libjs-marked"
        },
        {
            "binary_version": "0.3.9+dfsg-1",
            "binary_name": "node-marked"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3743.json"