CVE-2021-21306
MEDIUMmarked 1.1.1-2.0.0 - Regular Expression Denial of Service
Title source: llmDescription
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_confirm
https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
Third Party Advisory x_refsource_misc
https://github.com/markedjs/marked/issues/1927
Patch, Third Party Advisory x_refsource_misc
https://github.com/markedjs/marked/pull/1864
Patch, Third Party Advisory x_refsource_misc
https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/marked
Scores
CVSS v3
5.3
EPSS
0.0246
EPSS Percentile
82.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (2)
marked_project/marked
1.1.1 - 2.0.0
npm/marked
1.1.1 - 2.0.0npm
Published
Feb 08, 2021
Tracked Since
Feb 18, 2026