CPE Details
marked Project marked 0.3.6 for Node.js
0.3.6
2019-09-23
16h07 +00:00
16h07 +00:00
2019-09-23
16h07 +00:00
16h07 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:marked_project:marked:0.3.6:*:*:*:*:node.js:*:*
Informations
Vendor
marked_projectProduct
markedVersion
0.3.6Target Software
node.jsRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | 7.5 |
High |
||
| Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | 7.5 |
High |
||
| The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds. | 7.5 |
High |
||
| marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | 6.1 |
Medium |
2025©
tesweb SA
