Skip to content
This repository has been archived by the owner on Apr 8, 2024. It is now read-only.

WS-2019-0209 (Medium) detected in marked-0.6.2.tgz #41

Open
mend-bolt-for-github bot opened this issue Sep 12, 2019 · 0 comments
Open

WS-2019-0209 (Medium) detected in marked-0.6.2.tgz #41

mend-bolt-for-github bot opened this issue Sep 12, 2019 · 0 comments
Labels
security vulnerability

Comments

@mend-bolt-for-github
Copy link

mend-bolt-for-github bot commented Sep 12, 2019
edited

WS-2019-0209 - Medium Severity Vulnerability

Vulnerable Library - marked-0.6.2.tgz

A markdown parser built for speed

Library home page: https://registry.npmjs.org/marked/-/marked-0.6.2.tgz

Path to dependency file: micro-cors-http-proxy/package.json

Path to vulnerable library: micro-cors-http-proxy/node_modules/marked/package.json

Dependency Hierarchy:

  • semantic-release-15.13.15.tgz (Root Library)
    • marked-0.6.2.tgz (Vulnerable Library)

Found in HEAD commit: 541c821f624bc4b76f4d688c6e78dbbdf4f1d500

Vulnerability Details

marked before 0.7.0 vulnerable to Redos attack by he _label subrule that may significantly degrade parsing performance of malformed input.

Publish Date: 2019-07-04

URL: WS-2019-0209

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1076

Release Date: 2019-09-05

Fix Resolution: 0.7.0

Step up your Open Source Security Game with WhiteSource here
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants