Description
Regular Expression Denial of Service in marked
Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The _label subrule may significantly degrade parsing performance of malformed input.
Recommendation
Upgrade to version 0.7.0 or later.
Packages
Name: marked (npm)
Affected versions: >= 0.4.0, < 0.7.0
Fixed version: 0.7.0
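A lockfile check for the affected range above, as an added example that is not part of the original advisory: it scans a parsed package-lock.json for installed copies of marked at >= 0.4.0, < 0.7.0. The sample lockfile and the names demo-app, docs-tool and @acme/marked are constructed, and treating a 0.7.0 prerelease as unfixed is an assumption.

```javascript
// Affected range from the advisory: >= 0.4.0, < 0.7.0
const MIN = [0, 4, 0], FIXED = [0, 7, 0];

// Parse "x.y.z[-prerelease]"; returns null for anything else (git URLs, tags).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  return m ? { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// Semver precedence against a release bound: a prerelease sorts below its release.
function cmp(v, bound) {
  for (let i = 0; i < 3; i++) {
    if (v.core[i] !== bound[i]) return v.core[i] < bound[i] ? -1 : 1;
  }
  return v.pre ? -1 : 0;
}

// Assumption: a 0.7.0 prerelease is treated as not yet fixed.
function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && cmp(v, MIN) >= 0 && cmp(v, FIXED) < 0;
}

// List every installed copy of marked whose version is in the affected range.
function findAffectedMarked(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path ("" is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path && (meta.name || path.split('node_modules/').pop());
    if (name === 'marked' && isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'marked' && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; docs-tool and @acme/marked are hypothetical names.
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/marked': { version: '0.7.0' },
  'node_modules/docs-tool/node_modules/marked': { version: '0.6.2' },
  'node_modules/@acme/marked': { version: '0.5.0' },
} };
console.log(findAffectedMarked(SAMPLE_LOCK));
```

Nested copies matter here: the top-level marked in the sample is already fixed, but the copy pulled in under docs-tool is still in the affected range.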
Weaknesses
CWE-1333