CVE-2022-21680

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*

Information

Published : 2022-01-14 09:15

Updated : 2022-10-08 12:15


NVD link : CVE-2022-21680

Mitre link : CVE-2022-21680


JSON object : View

CWE
CWE-1333

Inefficient Regular Expression Complexity

CWE-400

Uncontrolled Resource Consumption

Advertisement

dedicated server usa

Products Affected

marked_project

  • marked