Vulnerability Data

CVE-2022-21680

Track security vulnerabilities

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

Published at
2022-01-14
2 days ago
Modified
2022-01-14
2 days ago
2022
Year
The year of the turtle

https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf

CONFIRM:https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf

Read More about itMore info

https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0

MISC:https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0

Read More about itMore info

https://github.com/markedjs/marked/releases/tag/v4.0.10

MISC:https://github.com/markedjs/marked/releases/tag/v4.0.10

Read More about itMore info

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2022-21680"
	},
	"Notes": {
		"Note": [
			{
				"_text": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
			},
			{
				"_text": "2022-01-14"
			},
			{
				"_text": "2022-01-14"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2022-21680"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
				},
				"Description": {
					"_text": "CONFIRM:https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
				}
			},
			{
				"URL": {
					"_text": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
				},
				"Description": {
					"_text": "MISC:https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
				}
			},
			{
				"URL": {
					"_text": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
				},
				"Description": {
					"_text": "MISC:https://github.com/markedjs/marked/releases/tag/v4.0.10"
				}
			}
		]
	}
}