Marker decency package has been marked as Moderate vulnerability by npm audit #14
Labels
Comments
nprail
added a commit
that referenced
this issue
Apr 26, 2019
nprail
added a commit
that referenced
this issue
Apr 26, 2019
|
🎉 This issue has been resolved in version 1.3.2 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
🎉 This issue has been resolved in version 1.3.3 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Moderate Regular Expression Denial of Service
Module: marked
Published: April 10th 2019
Reported by: Anders Kaseorg
CWE-400
Vulnerable: >=0.3.14 <0.6.2
Patched: >=0.6.2
CVSS: 5
Overview
Versions of marked prior to 0.6.2 and later than 0.3.14 are vulnerable to Regular Expression Denial of Service. Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.
Findings
npm-audit-html>marked
Remediation : Upgrade to version 0.6.2 or later.
References
GitHub PR (markedjs/marked#1460)
Snyk Report (https://snyk.io/vuln/SNYK-JS-MARKED-174116)
The text was updated successfully, but these errors were encountered: