WS-2019-0169 (Medium) detected in marked-0.3.17.tgz #73

mend-bolt-for-github · 2020-03-25T08:49:58Z

WS-2019-0169 - Medium Severity Vulnerability

Vulnerable Library - marked-0.3.17.tgz

A markdown parser built for speed

Library home page: https://registry.npmjs.org/marked/-/marked-0.3.17.tgz

Path to dependency file: /tmp/ws-scm/guilds.osweekends.com/package.json

Path to vulnerable library: /tmp/ws-scm/guilds.osweekends.com/node_modules/marked/package.json

Dependency Hierarchy:

pillars-0.7.1.tgz (Root Library)
- templated-0.3.9.tgz
  - ❌ marked-0.3.17.tgz (Vulnerable Library)

Found in HEAD commit: f30dd7a82df3ba133df4217044d20081318714c7

Vulnerability Details

marked versions >0.3.14 and < 0.6.2 has Regular Expression Denial of Service vulnerability Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.

Publish Date: 2019-07-15

URL: WS-2019-0169

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/812

Release Date: 2019-07-15

Fix Resolution: 0.6.2

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 25, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0169 (Medium) detected in marked-0.3.17.tgz #73

WS-2019-0169 (Medium) detected in marked-0.3.17.tgz #73

mend-bolt-for-github bot commented Mar 25, 2020

WS-2019-0169 (Medium) detected in marked-0.3.17.tgz #73

WS-2019-0169 (Medium) detected in marked-0.3.17.tgz #73

Comments

mend-bolt-for-github bot commented Mar 25, 2020

WS-2019-0169 - Medium Severity Vulnerability