NodeJS/showdown/1.7.0
A Markdown to HTML converter written in JavaScript
https://www.npmjs.com/package/showdown
BSD-3-Clause
1 Security Vulnerability
Reverse Tabnabbing in showdown
Published date: 2020-09-03T23:21:16Z
Links:
- https://github.com/showdownjs/showdown/pull/670/files
- https://github.com/advisories/GHSA-h6mq-3cj6-h738
- https://snyk.io/vuln/SNYK-JS-SHOWDOWN-469487
- https://www.npmjs.com/advisories/1302
- https://github.com/showdownjs/showdown/pull/670
- https://github.com/showdownjs/showdown/commit/1cd281f0643ef613dc1d36847d4c6cbb22501d91
Versions of showdown prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.
Recommendation
Upgrade to version 1.9.1 or later.
Affected versions:
["0.0.1", "0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.3.4", "0.4.0", "0.5.0", "1.0.0-alpha1", "1.0.0-alpha.2", "0.5.2", "0.5.3", "0.5.4", "1.0.0", "1.0.1", "1.0.2", "1.1.0", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.3.0", "1.4.0", "1.4.1", "1.4.2", "1.4.3", "1.4.4", "1.5.0", "1.5.1", "1.5.2", "1.5.3", "1.5.4", "1.5.5", "1.6.0", "1.6.1", "1.6.2", "1.6.3", "1.6.4", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.8.0", "1.8.1", "1.8.2", "1.8.3", "1.8.4", "1.8.5", "1.8.6", "1.8.7", "1.9.0"]
Secure versions:
[1.9.1, 2.0.0-alpha, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0]
Recommendation:
Update to version 2.1.0.
62 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
0.0.1 | BSD | 1 | 2011-04-12 - 02:19 | about 13 years |
0.1.0 | BSD | 1 | 2012-06-15 - 17:59 | almost 12 years |
0.2.0 | BSD | 1 | 2012-06-15 - 19:06 | almost 12 years |
0.3.0 | BSD | 1 | 2012-10-31 - 09:07 | over 11 years |
0.3.1 | BSD | 1 | 2012-11-02 - 10:15 | over 11 years |
0.3.4 | BSD | 1 | 2015-03-01 - 18:19 | about 9 years |
0.4.0 | BSD | 1 | 2015-03-01 - 18:29 | about 9 years |
0.5.0 | BSD | 1 | 2015-04-22 - 14:49 | about 9 years |
1.0.0-alpha1 | BSD | 1 | 2015-05-14 - 02:05 | about 9 years |
1.0.0-alpha.2 | BSD | 1 | 2015-05-15 - 21:35 | almost 9 years |
0.5.2 | BSD | 1 | 2015-05-27 - 01:25 | almost 9 years |
0.5.3 | BSD | 1 | 2015-05-27 - 01:57 | almost 9 years |
0.5.4 | BSD | 1 | 2015-05-27 - 15:07 | almost 9 years |
1.0.0 | BSD | 1 | 2015-05-27 - 15:37 | almost 9 years |
1.0.1 | BSD | 1 | 2015-05-27 - 22:54 | almost 9 years |
1.0.2 | BSD | 1 | 2015-05-28 - 21:36 | almost 9 years |
1.1.0 | BSD-2-Clause | 1 | 2015-06-18 - 00:31 | almost 9 years |
1.2.0 | BSD-2-Clause | 1 | 2015-07-13 - 20:37 | almost 9 years |
1.2.1 | BSD-2-Clause | 1 | 2015-07-22 - 17:50 | almost 9 years |
1.2.2 | BSD-2-Clause | 1 | 2015-08-03 - 21:17 | almost 9 years |
1.2.3 | BSD-2-Clause | 1 | 2015-08-27 - 04:27 | over 8 years |
1.3.0 | BSD-2-Clause | 1 | 2015-10-19 - 02:31 | over 8 years |
1.4.0 | BSD-3-Clause | 1 | 2016-05-13 - 15:36 | about 8 years |
1.4.1 | BSD-3-Clause | 1 | 2016-05-17 - 20:39 | almost 8 years |
1.4.2 | BSD-3-Clause | 1 | 2016-06-21 - 01:12 | almost 8 years |
1.4.3 | BSD-3-Clause | 1 | 2016-08-19 - 18:15 | over 7 years |
1.4.4 | BSD-3-Clause | 1 | 2016-11-02 - 21:19 | over 7 years |
1.5.0 | BSD-3-Clause | 1 | 2016-11-11 - 08:58 | over 7 years |
1.5.1 | BSD-3-Clause | 1 | 2016-12-01 - 15:43 | over 7 years |
1.5.2 | BSD-3-Clause | 1 | 2016-12-17 - 07:51 | over 7 years |
1.5.3 | BSD-3-Clause | 1 | 2016-12-19 - 12:19 | over 7 years |
1.5.4 | BSD-3-Clause | 1 | 2016-12-23 - 09:31 | over 7 years |
1.5.5 | BSD-3-Clause | 1 | 2016-12-30 - 19:25 | over 7 years |
1.6.0 | BSD-3-Clause | 1 | 2017-01-09 - 02:39 | over 7 years |
1.6.1 | BSD-3-Clause | 1 | 2017-01-28 - 02:51 | over 7 years |
1.6.2 | BSD-3-Clause | 1 | 2017-01-29 - 02:37 | over 7 years |
1.6.3 | BSD-3-Clause | 1 | 2017-01-30 - 22:42 | over 7 years |
1.6.4 | BSD-3-Clause | 1 | 2017-02-06 - 07:24 | over 7 years |
1.7.0 | BSD-3-Clause | 1 | 2017-06-01 - 01:51 | almost 7 years |
1.7.1 | BSD-3-Clause | 1 | 2017-06-02 - 02:32 | almost 7 years |
1.7.2 | BSD-3-Clause | 1 | 2017-08-05 - 00:49 | almost 7 years |
1.7.3 | BSD-3-Clause | 1 | 2017-08-23 - 22:03 | over 6 years |
1.7.4 | BSD-3-Clause | 1 | 2017-09-08 - 19:52 | over 6 years |
1.7.5 | BSD-3-Clause | 1 | 2017-10-02 - 04:23 | over 6 years |
1.7.6 | BSD-3-Clause | 1 | 2017-10-06 - 11:57 | over 6 years |
1.8.0 | BSD-3-Clause | 1 | 2017-10-24 - 16:18 | over 6 years |
1.8.1 | BSD-3-Clause | 1 | 2017-11-01 - 20:34 | over 6 years |
1.8.2 | BSD-3-Clause | 1 | 2017-11-11 - 13:35 | over 6 years |
1.8.3 | BSD-3-Clause | 1 | 2017-11-28 - 03:11 | over 6 years |
1.8.4 | BSD-3-Clause | 1 | 2017-12-05 - 01:18 | over 6 years |
1.8.5 | BSD-3-Clause | 1 | 2017-12-10 - 19:47 | over 6 years |
1.8.6 | BSD-3-Clause | 1 | 2017-12-22 - 10:38 | over 6 years |
1.8.7 | BSD-3-Clause | 1 | 2018-10-16 - 23:25 | over 5 years |
1.9.0 | BSD-3-Clause | 1 | 2018-11-10 - 23:25 | over 5 years |
1.9.1 | BSD-3-Clause | | 2019-11-02 - 23:09 | over 4 years |
2.0.0-alpha | MIT | | 2022-02-04 - 04:40 | over 2 years |
2.0.0 | MIT | | 2022-02-16 - 04:04 | about 2 years |
2.0.1 | MIT | | 2022-03-01 - 16:17 | about 2 years |
2.0.2 | MIT | | 2022-03-03 - 12:53 | about 2 years |
2.0.3 | MIT | | 2022-03-08 - 09:43 | about 2 years |
2.0.4 | MIT | | 2022-04-21 - 00:24 | about 2 years |
2.1.0 | MIT | | 2022-04-21 - 00:33 | about 2 years |