Marked Project Marked 0.8.0 for Node.js

CPE Details

Marked Project Marked 0.8.0 for Node.js
marked_project
marked
0.8.0
2021-02-09
16h51 +00:00
2021-02-09
16h51 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:marked_project:marked:0.8.0:*:*:*:*:node.js:*:*

Informations

Vendor

marked_project

Product

marked

Version

0.8.0

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-21680 2022-01-13 23h00 +00:00 Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
7.5
Haute
CVE-2022-21681 2022-01-13 23h00 +00:00 Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
7.5
Haute