exploitDog

GHSA-4r62-v4vq-hr96

Published: 08 Feb 2021
Source: github
GitHub: Reviewed
CVSS3: 5.3

Description

Regular Expression Denial of Service (REDoS) in Marked

Impact

What kind of vulnerability is it? Who is impacted?

Regular expression Denial of Service

A Denial of Service attack can affect anyone who runs user-generated content (Markdown) through marked: a single crafted input keeps the regex engine backtracking and ties up the rendering thread.
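The advisory names the vulnerability class but shows no pattern. The following is an added example, not code from marked or from the advisory: a constructed nested-quantifier regex standing in for the bug class (it is not the regex that was fixed in marked), a linear-time rewrite that accepts the same inputs, and a coarse timing smoke test a consumer can point at any regex it ships to catch super-linear blow-up before an attacker does. The thresholds (2 ms absolute, 8x growth between input sizes 14 and 22) are assumptions chosen so the result is stable across machines.

```javascript
// Added example (not from marked or the advisory). Demonstrates the
// catastrophic-backtracking class behind CWE-400 / ReDoS and a timing
// smoke test. The pattern is a constructed stand-in, NOT marked's regex.

// Nested quantifiers over the same character class: when the overall
// match fails, the engine retries every way of splitting the run of
// 'a's between the inner and outer '+', i.e. about 2^n paths.
const VULNERABLE = /^(a+)+$/;

// Same accepted language, no ambiguity about where each 'a' belongs:
// the engine scans once and fails in linear time.
const SAFE = /^a+$/;

// Constructed attack input: a long run that almost matches, followed by
// a character that forces the match to fail (success would short-circuit
// the search and hide the problem).
function attackInput(n) {
  return 'a'.repeat(n) + '!';
}

// Time a single match attempt, in microseconds.
function timeMatch(re, input) {
  const t0 = process.hrtime.bigint();
  const matched = re.test(input);
  const micros = Number((process.hrtime.bigint() - t0) / 1000n);
  return { matched, micros };
}

// Coarse smoke test: flag a regex whose failing-match time grows far
// faster than the input. A linear regex stays in the microsecond range
// at these sizes; an exponential one is already in the tens of
// milliseconds at n = 22. Thresholds are assumptions, deliberately
// generous so the verdict does not flip on a slow or noisy machine.
function looksSuperlinear(re, makeInput, small = 14, large = 22) {
  re.test(makeInput(2)); // warm up so compilation is not counted
  const tSmall = Math.max(timeMatch(re, makeInput(small)).micros, 1);
  const tLarge = timeMatch(re, makeInput(large)).micros;
  return tLarge >= 2000 && tLarge / tSmall >= 8;
}

// Report for both patterns, as a consumer's pre-release check would.
function report() {
  return {
    vulnerable: looksSuperlinear(VULNERABLE, attackInput),
    safe: looksSuperlinear(SAFE, attackInput),
    // Both regexes agree on benign input; only the cost differs.
    sameVerdictOnBenign: VULNERABLE.test('aaaa') === SAFE.test('aaaa'),
  };
}

console.log(report());
```

The test is a heuristic, not a proof: it only exercises one attack shape, and a pattern whose blow-up needs a specific prefix or alternation will pass it. Its value is as a cheap regression gate. V8 applies no backtracking limit by default, so on the affected marked range the only real remedy is the upgrade the advisory names; if a deployment cannot upgrade immediately, render untrusted Markdown in a separate worker or process with a hard wall-clock timeout and kill it on expiry, so one crafted input blocks only that worker and not the event loop.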

Patches

Has the problem been patched? What versions should users upgrade to?

Patched in v2.0.0.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

None.

References

Are there any links users can visit to find out more?

https://github.com/markedjs/marked/issues/1927
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

For more information

If you have any questions or comments about this advisory:

Packages

Name     Ecosystem   Affected versions    Fixed version
marked   npm         >= 1.1.1, < 2.0.0    2.0.0

EPSS

Percentile: 69%
Probability: 0.00603
Low

CVSS3

5.3 Medium

Weaknesses

CWE-400

Related vulnerabilities

CVSS3: 7.5
redhat
about 5 years ago

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.

CVSS3: 5.3
nvd
almost 5 years ago

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.

CVSS3: 5.3
debian
almost 5 years ago

Marked is an open-source markdown parser and compiler (npm package "ma ...
