Description
Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The _label subrule may significantly degrade parsing performance of malformed input.
Recommendation
Update the marked package to the latest compatible version. Followings are version details:
- Affected version(s): >= 0.4.0, < 0.7.0
- Patched version(s): 0.7.0
References
Related Issues
- Regular Expression Denial of Service (GHSA-qx4v-6gc5-f2vv) - Vulnerability
- Regular Expression Denial of Service - Vulnerability
- Regular Expression Denial of Service (GHSA-6394-6h9h-cfjg) - Vulnerability
- Regular Expression Denial of Service in marked (GHSA-x5pg-88wf-qq4p) - CVE-2017-16114
- Tags:
- npm
- marked
Anything's wrong? Let us know Last updated on April 11, 2023