Products Book A Demo Contact Us

Products Book A Demo Contact Us

Sec1 Documentation
Quick Start
Integration with Sec1
External Integrations
Static Application Security Testing
- SAST Java Rules
- SAST JavaScript Rules
SBOM Scanner
- Config
- Scan
CISO Console
Pricing & Billing
CVE API

Powered by GitBook

On this page

Overview
Description
Remediation Guidelines
References
Configuration

Static Application Security Testing

SAST JavaScript Rules

Usage of vulnerable marked package

Overview

Rule ID: javascript_third_parties_marked
Applicable Languages: Javascript
Weakness ID: CWE-1333

Description

For versions of Marked prior to 2.0.0, there is a vulnerability to Regular Expression Denial of Service (ReDoS) attacks.

Remediation Guidelines

Do upgrade marked to version 2.0.0 or greater.

References

Vulnerability explained
CWE-1333: Inefficient Regular Expression Complexity

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of vulnerable DOMPurify package NextUsage of weak encryption algorithm (DES)

Last updated 8 months ago