Cx816df59e-1cc9 @ Npm-marked-0.3.9

**Vulnerable Package** issue exists @ **Npm\-marked\-0.3.9** in branch **main**

Marked prior to 1.1.1 has a regex that accepts "any character" unrestrictedly in `rules.js` and this could lead to a Regular Expression Denial of Service (REDoS) attack.

**Namespace:** cxronen
**Repository:** BookStore
**Repository Url:** https://github.com/cxronen/BookStore
**CxAST\-Project:** cxronen/BookStore
**CxAST platform scan:** [207c1944\-f9e8\-4bbb\-a51e\-1235c29a4b44](https://ast.checkmarx.net/projects/68c297ba-386f-491c-a20f-f31fa83b386a/scans?id=207c1944-f9e8-4bbb-a51e-1235c29a4b44&branch=main)
**Branch:** main
**Application:** BookStore
**Severity:** MEDIUM
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-400


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** LOW
**Remediation Upgrade Recommendation:** 4.0.10


----
**References**
[Pull request](https://github.com/markedjs/marked/pull/1686)
[Commit](https://github.com/markedjs/marked/commit/bd4f8c464befad2b304d51e33e89e567326e62e0)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cx816df59e-1cc9 @ Npm-marked-0.3.9 #793

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cx816df59e-1cc9 @ Npm-marked-0.3.9 #793

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions