Skip to content

Regular Expression Denial of Service in marked

Low severity GitHub Reviewed Published Sep 3, 2020 to the GitHub Advisory Database • Updated Apr 11, 2023

Package

npm marked (npm)

Affected versions

>= 0.4.0, < 0.7.0

Patched versions

0.7.0

Description

Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The _label subrule may significantly degrade parsing performance of malformed input.

Recommendation

Upgrade to version 0.7.0 or later.

References

Reviewed Aug 31, 2020
Published to the GitHub Advisory Database Sep 3, 2020
Last updated Apr 11, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-ch52-vgq2-943f

Source code

No known source code
Checking history
See something to contribute? Suggest improvements for this vulnerability.