CVE-2021-21306 MEDIUM

CVE-2021-21306: Denial of Service in Marked

Vendor Markedjs
Product marked
Weakness CWE-400
Published February 8, 2021
Last update August 3, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

Marked is an open-source markdown parser and compiler (npm package "marked"). Versions of marked from 1.1.1 up to, but not including, 2.0.0 contain a Regular Expression Denial of Service (ReDoS) vulnerability. This vulnerability can affect anyone who runs user-generated code through marked. It is fixed in version 2.0.0.

Key dates

02 Disclosure timeline

February 8, 2021 CVE published
August 3, 2024 Record updated