CPE Details
Marked Project Marked 1.2.9 for Node.js
1.2.9
2021-02-09
16h51 +00:00
16h51 +00:00
2021-02-09
16h51 +00:00
16h51 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:marked_project:marked:1.2.9:*:*:*:*:node.js:*:*
Informations
Vendor
marked_projectProduct
markedVersion
1.2.9Target Software
node.jsRelated CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | 7.5 |
Haute |
||
| Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | 7.5 |
Haute |
||
| Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0. | 7.5 |
Haute |
2025©
tesweb SA
