GHSA-7m7q-q53v-j47v – marked

Package

Manager: npm
Name: marked
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Regular Expression Denial of Service A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Input to the host variable is vulnerable when input contains parenthesis in link URIs, coupled with a high number of link tokens in a single line.

Metadata

Created: 2021-02-25T02:01:47Z
Modified: 2021-02-25T02:01:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-7m7q-q53v-j47v/GHSA-7m7q-q53v-j47v.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0