# Usage of vulnerable marked package

## Overview

* **Rule ID**: `javascript_third_parties_marked`
* **Applicable Languages**: JavaScript
* **Weakness ID**: CWE-1333

## Description

Versions of Marked prior to 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

## Remediation Guidelines

* **Do** upgrade marked to version 2.0.0 or greater.

## References

* [**Vulnerability explained**](https://nvd.nist.gov/vuln/detail/CVE-2021-21306)
* [**CWE-1333: Inefficient Regular Expression Complexity**](https://cwe.mitre.org/data/definitions/1333.html)

## Configuration

To omit this rule during a scan, and to get continuous 24/7 code-level scanning, you can use our [**SAST TOOL**](https://scopy.sec1.io/login).
