Description
WS-2019-0169 - Medium Severity Vulnerability
Vulnerable Library - marked-0.3.17.tgz
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.3.17.tgz
Path to dependency file: /tmp/ws-scm/guilds.osweekends.com/package.json
Path to vulnerable library: /tmp/ws-scm/guilds.osweekends.com/node_modules/marked/package.json
Dependency Hierarchy:
- pillars-0.7.1.tgz (Root Library)
- templated-0.3.9.tgz
- ❌ marked-0.3.17.tgz (Vulnerable Library)
- templated-0.3.9.tgz
Found in HEAD commit: f30dd7a82df3ba133df4217044d20081318714c7
Vulnerability Details
marked versions >0.3.14 and < 0.6.2 has Regular Expression Denial of Service vulnerability Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.
Publish Date: 2019-07-15
URL: WS-2019-0169
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/812
Release Date: 2019-07-15
Fix Resolution: 0.6.2
Step up your Open Source Security Game with WhiteSource here