ProductsBook A DemoContact Us

Usage of vulnerable marked package

Overview

  • Rule ID: javascript_third_parties_marked

  • Applicable Languages: Javascript

  • Weakness ID: CWE-1333

Description

For versions of Marked prior to 2.0.0, there is a vulnerability to Regular Expression Denial of Service (ReDoS) attacks.

Remediation Guidelines

  • Do upgrade marked to version 2.0.0 or greater.

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of vulnerable DOMPurify packageNextUsage of weak encryption algorithm (DES)

Last updated