GHSA-xf5p-87ch-gxw2

Suggest an improvement
Source
https://github.com/advisories/GHSA-xf5p-87ch-gxw2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-xf5p-87ch-gxw2/GHSA-xf5p-87ch-gxw2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xf5p-87ch-gxw2
Published
2019-06-05T14:10:03Z
Modified
2022-08-02T17:43:57Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Marked ReDoS due to email addresses being evaluated in quadratic time
Details

Versions of marked from 0.3.14 until 0.6.2 are vulnerable to Regular Expression Denial of Service. Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.

Recommendation

Upgrade to version 0.6.2 or later.

Database specific 
{
    "nvd_published_at": null,
    "severity": "MODERATE",
    "github_reviewed_at": "2019-06-05T13:50:35Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

npm / marked

Package

Name
marked
View open source insights on deps.dev
Purl
pkg:npm/marked

Affected ranges

Type
SEMVER
Events
Introduced
0.3.14
Fixed
0.6.2