Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-21681

Опубликовано: 14 янв. 2022
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*
Версия до 4.0.10 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00695
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400
CWE-1333

Связанные уязвимости

ubuntu логотип

CVE-2022-21681

CVSS3: 7.5
ubuntu
около 4 лет назад

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

redhat логотип

CVE-2022-21681

CVSS3: 7.5
redhat
около 4 лет назад

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

debian логотип

CVE-2022-21681

CVSS3: 7.5
debian
около 4 лет назад

Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...

github логотип

GHSA-5v2h-r2cx-5xgj

CVSS3: 7.5
github
около 4 лет назад

Inefficient Regular Expression Complexity in marked

fstec логотип

BDU:2023-07520

CVSS3: 7.5
fstec
около 4 лет назад

Уязвимость анализатора и компилятора уценки Marked, связанная с некорректной обработкой регулярного выражения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 71%
0.00695
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400
CWE-1333