Alert IDs:
- d6a46ce9-f952-4d67-bc44-c783495c2ed8
- e9936d91-1778-48dc-8c21-f273c52a78e8

Vulnerabilities in marked
Release: 1.0.125
Total Vulnerabilities: 2

1. CVE-2022-21680
Severity: HIGH (Score: 7.5)
Description:
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-21680
Alert ID: d6a46ce9-f952-4d67-bc44-c783495c2ed8

2. CVE-2022-21681
Severity: HIGH (Score: 7.5)
Description:
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-21681
Alert ID: e9936d91-1778-48dc-8c21-f273c52a78e8