GHSA-7m7q-q53v-j47v

Опубликовано: 25 фев. 2021

Источник: github

Github: Прошло ревью

Описание

Regular Expression Denial of Service

A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Input to the host variable is vulnerable when input contains parenthesis in link URIs, coupled with a high number of link tokens in a single line.

Ссылки

https://github.com/Feder1co5oave/marktex/commit/cc8a45288b59ca10a8fedaed9028072021be9999
https://bugzilla.redhat.com/show_bug.cgi?id=1679550

Пакеты

Наименование

marked

npm

Затронутые версииВерсия исправления

>= 0.5.0, < 0.6.1

0.6.1