Lucene search
GoogleOSV:GHSA-4R62-V4VQ-HR96HistoryFeb 08, 2021 - 9:17 p.m.
Regular Expression Denial of Service (REDoS) in Marked
2021-02-0821:17:58
Google
osv.dev
9
0.002 Low
EPSS
Percentile
56.1%
Impact
What kind of vulnerability is it? Who is impacted?
Regular expression Denial of Service
A Denial of Service attack can affect anyone who runs user generated code through marked.
Patches
Has the problem been patched? What versions should users upgrade to?
patched in v2.0.0
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
None.
References
Are there any links users can visit to find out more?
https://github.com/markedjs/marked/issues/1927
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
For more information
If you have any questions or comments about this advisory:
- Open an issue in marked
Related
cve
cve
CVE-2021-21306
2021-02-08 22:15:12
nodejs
nodejs
Regular Expression Denial of Service
2021-02-24 02:39:42
github
github
Regular Expression Denial of Service (REDoS) in Marked
2021-02-08 21:17:58
nvd
nvd
CVE-2021-21306
2021-02-08 22:15:12
debiancve
debiancve
CVE-2021-21306
2021-02-08 22:15:12
prion
prion
Code injection
2021-02-08 22:15:00
redhatcve
redhatcve
CVE-2021-21306
2021-02-09 15:47:06
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-02-09 06:06:44
osv
osv
CVE-2021-21306
2021-02-08 22:15:12
cvelist
cvelist
CVE-2021-21306 Denial of Service in Marked
2021-02-08 21:20:18