WS-2019-0169 (Medium) detected in marked-0.4.0.tgz #107

mend-for-github-com · 2021-07-07T19:51:44Z

WS-2019-0169 - Medium Severity Vulnerability

Vulnerable Library - marked-0.4.0.tgz

A markdown parser built for speed

Library home page: https://registry.npmjs.org/marked/-/marked-0.4.0.tgz

Path to dependency file: NodeGoat/package.json

Path to vulnerable library: NodeGoat/node_modules/marked/package.json

Dependency Hierarchy:

❌ marked-0.4.0.tgz (Vulnerable Library)

Found in HEAD commit: 8a01f24c09b719077c9377efa99b25bfc85dc194

Vulnerability Details

marked versions >0.3.14 and < 0.6.2 has Regular Expression Denial of Service vulnerability Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.

Publish Date: 2019-04-03

URL: WS-2019-0169

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/812

Release Date: 2019-07-15

Fix Resolution: 0.6.2

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Jul 7, 2021

mend-for-github-com bot changed the title ~~WS-2019-0169 (Medium) detected in marked-0.4.0.tgz~~ WS-2019-0169 (Medium) detected in marked-0.3.18.tgz Jul 7, 2021

mend-for-github-com bot changed the title ~~WS-2019-0169 (Medium) detected in marked-0.3.18.tgz~~ WS-2019-0169 (Medium) detected in marked-0.4.0.tgz Jul 8, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0169 (Medium) detected in marked-0.4.0.tgz #107

WS-2019-0169 (Medium) detected in marked-0.4.0.tgz #107

mend-for-github-com bot commented Jul 7, 2021 •

edited

WS-2019-0169 (Medium) detected in marked-0.4.0.tgz #107

WS-2019-0169 (Medium) detected in marked-0.4.0.tgz #107

Comments

mend-for-github-com bot commented Jul 7, 2021 • edited

WS-2019-0169 - Medium Severity Vulnerability

mend-for-github-com bot commented Jul 7, 2021 •

edited