Vulnerability Description
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular Expression Denial of Service (ReDoS) vulnerability. This vulnerability can affect anyone who runs user-generated code through marked. This vulnerability is fixed in version 2.0.0.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marked Project | Marked | >= 1.1.1, < 2.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bc (Patch, Third Party Advisory)
- https://github.com/markedjs/marked/issues/1927 (Third Party Advisory)
- https://github.com/markedjs/marked/pull/1864 (Patch, Third Party Advisory)
- https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 (Third Party Advisory)
- https://www.npmjs.com/package/marked (Product, Third Party Advisory)
FAQ
What is CVE-2021-21306?
CVE-2021-21306 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This...
How severe is CVE-2021-21306?
CVE-2021-21306 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-21306?
Check the references section above for vendor advisories and patch information. Affected products include: Marked Project Marked.