Description
Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links.
Recommendation
Update the marked package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.3.17
- Patched version(s): 0.3.17
References
Related Issues
- Regular Expression Denial of Service (REDoS) in Marked - CVE-2021-21306
- jspdf vulnerable to Regular Expression Denial of Service (ReDoS) - CVE-2021-23353
- Regular Expression Denial of Service (ReDoS) in ua-parser-js - CVE-2021-27292
- Regular Expression Denial of Service (ReDoS) in lodash - lodash - CVE-2019-1010266
You might also like:
- Tags:
- npm
- marked
Anything's wrong? Let us know Last updated on May 27, 2025


