CVE-2022-21681

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*

Information

Published : 2022-01-14 09:15

Updated : 2022-10-08 12:15


NVD link : CVE-2022-21681

Mitre link : CVE-2022-21681


JSON object : View

Advertisement

dedicated server usa

Products Affected

marked_project

  • marked