摘要:
Marked is an open-source markdown parser and compiler (npm package marked ). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
安全等级: Low
公告ID: KylinSec-SA-2022-2064
发布日期: 2022年9月23日
关联CVE: CVE-2021-21306
Marked is an open-source markdown parser and compiler (npm package marked ). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-21306 | KY3.4-4A | marked | Unaffected |
| CVE-2021-21306 | KY3.4-5 | marked | Unaffected |
| CVE-2021-21306 | KY3.5.1 | marked | Unaffected |
