CVE-2021-21306

Опубликовано: 08 фев. 2021

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.

Ссылки

https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
Patch
Third Party Advisory
https://github.com/markedjs/marked/issues/1927
Third Party Advisory
https://github.com/markedjs/marked/pull/1864
Patch
Third Party Advisory
https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
Third Party Advisory
https://www.npmjs.com/package/marked
Product
Third Party Advisory
https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
Patch
Third Party Advisory
https://github.com/markedjs/marked/issues/1927
Third Party Advisory
https://github.com/markedjs/marked/pull/1864
Patch
Third Party Advisory
https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
Third Party Advisory
https://www.npmjs.com/package/marked
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*

Версия от 1.1.1 (включая) до 2.0.0 (исключая)

EPSS

Процентиль: 69%

0.00603

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2021-21306

CVSS3: 7.5

redhat

около 5 лет назад

CVE-2021-21306

CVSS3: 5.3

debian

почти 5 лет назад

Marked is an open-source markdown parser and compiler (npm package "ma ...

GHSA-4r62-v4vq-hr96

CVSS3: 5.3

github

почти 5 лет назад

Regular Expression Denial of Service (REDoS) in Marked

EPSS

Процентиль: 69%

0.00603

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400