Skip to content

Marker decency package has been marked as Moderate vulnerability by npm audit #14

New issue
New issue
Closed
#15
Closed
Marker decency package has been marked as Moderate vulnerability by npm audit#14
#15
Labels
released
@balab2020

Description

@balab2020
balab2020
opened on Apr 26, 2019

Moderate Regular Expression Denial of Service

Module: marked
Published: April 10th 2019
Reported by: Anders Kaseorg
CWE-400
Vulnerable: >=0.3.14 <0.6.2
Patched: >=0.6.2
CVSS: 5
Overview
Versions of marked prior to 0.6.2 and later than 0.3.14 are vulnerable to Regular Expression Denial of Service. Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.

Findings
npm-audit-html>marked
Remediation : Upgrade to version 0.6.2 or later.

References
GitHub PR (markedjs/marked#1460)
Snyk Report (https://snyk.io/vuln/SNYK-JS-MARKED-174116)

Metadata

Metadata

Assignees

No one assigned

    Labels

    released

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions