Usage of vulnerable marked package

Overview

  • Rule ID: javascript_third_parties_marked

  • Applicable Languages: JavaScript

  • Weakness ID: CWE-1333

Description

Versions of Marked prior to 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Remediation Guidelines

  • Do upgrade marked to version 2.0.0 or greater.

Configuration

To omit this rule during a scan, and to get continuous 24/7 code-level scanning, you can use our SAST tool.
