GHSA-4r62-v4vq-hr96
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4r62-v4vq-hr96
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-4r62-v4vq-hr96/GHSA-4r62-v4vq-hr96.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-4r62-v4vq-hr96
- Aliases
- Related
- Published
- 2021-02-08T21:17:58Z
- Modified
- 2023-11-01T04:54:11.393134Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Regular Expression Denial of Service (REDoS) in Marked
- Details
-
Impact
What kind of vulnerability is it? Who is impacted?
Regular expression Denial of Service
A Denial of Service attack can affect anyone who runs user generated code through
marked.Patches
Has the problem been patched? What versions should users upgrade to?
patched in v2.0.0
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
None.
References
Are there any links users can visit to find out more?
https://github.com/markedjs/marked/issues/1927 https://owasp.org/www-community/attacks/RegularexpressionDenialofService-ReDoS
For more information
If you have any questions or comments about this advisory: * Open an issue in marked
- Database specific
{ "nvd_published_at": "2021-02-08T22:15:00Z", "github_reviewed_at": "2021-02-08T21:17:26Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-400" ] }- References
-
- https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
- https://nvd.nist.gov/vuln/detail/CVE-2021-21306
- https://github.com/markedjs/marked/issues/1927
- https://github.com/markedjs/marked/pull/1864
- https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
- https://www.npmjs.com/package/marked
Affected packages
npm / marked
Package
- Name
- marked
- View open source insights on deps.dev
- Purl
- pkg:npm/marked