CVE-2021-21306
Summary
| CVE | CVE-2021-21306 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-08 22:15:00 UTC |
| Updated | 2021-02-11 21:53:00 UTC |
| Description | Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| fix: Total rework of Emphasis/Strong by calculuschild · Pull Request #1864 · markedjs/marked · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Underscore ReDoS · Advisory · markedjs/marked · GitHub | CONFIRM | github.com | Third Party Advisory |
| marked | MISC | www.npmjs.com | Product, Third Party Advisory |
| Groups of consecutive underscores in a specific pattern hang/take a long time to convert · Issue #1927 · markedjs/marked · GitHub | MISC | github.com | Third Party Advisory |
| fix: Total rework of Emphasis/Strong (#1864) · markedjs/marked@7293251 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 982954 Nodejs (npm) Security Update for marked (GHSA-4r62-v4vq-hr96)