Skip to content
This repository was archived by the owner on Apr 8, 2024. It is now read-only.
This repository was archived by the owner on Apr 8, 2024. It is now read-only.

WS-2019-0209 (Medium) detected in marked-0.6.2.tgz #41

Open
Open
WS-2019-0209 (Medium) detected in marked-0.6.2.tgz#41
Labels
security vulnerability
@mend-bolt-for-github

Description

@mend-bolt-for-github
mend-bolt-for-github
bot
opened on Sep 12, 2019

WS-2019-0209 - Medium Severity Vulnerability

Vulnerable Library - marked-0.6.2.tgz

A markdown parser built for speed

Library home page: https://registry.npmjs.org/marked/-/marked-0.6.2.tgz

Path to dependency file: micro-cors-http-proxy/package.json

Path to vulnerable library: micro-cors-http-proxy/node_modules/marked/package.json

Dependency Hierarchy:

  • semantic-release-15.13.15.tgz (Root Library)
    • marked-0.6.2.tgz (Vulnerable Library)

Found in HEAD commit: 541c821f624bc4b76f4d688c6e78dbbdf4f1d500

Vulnerability Details

marked before 0.7.0 vulnerable to Redos attack by he _label subrule that may significantly degrade parsing performance of malformed input.

Publish Date: 2019-07-04

URL: WS-2019-0209

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1076

Release Date: 2019-09-05

Fix Resolution: 0.7.0

Step up your Open Source Security Game with WhiteSource here

Metadata

Metadata

Assignees

No one assigned

    Labels

    security vulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions