CVE-2021-21306

Summary

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.

Affected Software

VendorProductVersion RangeStatus
markedjsmarked>= 1.1.1, < 2.0.0affected

Weaknesses

  • CWE-400: {"CWE-400":"Uncontrolled Resource Consumption"}

ADP Enrichment

CVE Program Container

Additional References

References