Markedjs Marked vulnerabilities
3 known vulnerabilities affecting markedjs/marked.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2022-21681 | HIGH | CVSS 7.5 | CWE-400 | fixed in 4.0.10 | 2022-01-14
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issu
nvd
CVE-2022-21680 | HIGH | CVSS 7.5 | CWE-400 | fixed in 4.0.10 | 2022-01-14
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected.
nvd
CVE-2021-21306 | HIGH | CVSS 7.5 | CWE-400 | affected versions >= 1.1.1, < 2.0.0 | 2021-02-08
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
nvd