Regular Expression Denial of Service (ReDoS) Vulnerability in marked (npm package) versions 1.1.1 and below

CVE-2021-21306 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular Expression Denial of Service (ReDoS) vulnerability. This vulnerability can affect anyone who runs user-generated code through marked. This vulnerability is fixed in version 2.0.0.
