CVE-2021-21306— Denial of Service in Marked

Denial of Service in Marked

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

未加控制的资源消耗(资源穷尽)

marked 资源管理错误漏洞

marked是美国Christopher Jeffrey个人开发者的一款使用JavaScript编写的Markdown解析器和编译器。 Marked 1.1.1及2.0.0之前版本中存在资源管理错误漏洞，该漏洞可以影响任何通过标记运行用户生成代码的用户。

N/A

N/A