Regular Expression Denial of Service in marked - marked - GHSA-ch52-vgq2-943f

Severity:: Low

Description

Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The _label subrule may significantly degrade parsing performance of malformed input.

Recommendation

Update the marked package to the latest compatible version. Followings are version details:

Affected version(s): >= 0.4.0, < 0.7.0
Patched version(s): 0.7.0

References

GHSA-ch52-vgq2-943f
www.npmjs.com
CWE-1333

Related Issues

Regular Expression Denial of Service - Vulnerability
CommonRegexJS Regular Expression Denial of Service vulnerability - CVE-2020-26305
Regular Expression Denial of Service in clean-css - Vulnerability
Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; marked

Anything's wrong? Let us know Last updated on April 11, 2023