Lucene search

Veracode Vulnerability DatabaseVERACODE:33730

HistoryJan 17, 2022 - 1:31 p.m.

Regular Expression Denial Of Service (ReDoS)

2022-01-1713:31:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

regular expression denial of service

vulnerability

backtracking

block definition

software

EPSS

0.004

Percentile

72.4%

JSON

marked is vulnerable to regular expression denial of service. An attacker is able to induce the system into backtracking by injecting a maliciously crafted string via a variable block.def.

References

github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0

github.com/markedjs/marked/releases/tag/v4.0.10

github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf

lists.fedoraproject.org/archives/list/[email protected]/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/

EPSS

0.004

Percentile

72.4%

JSON

Related for VERACODE:33730