Products Book A Demo Contact Us

Products Book A Demo Contact Us

Sec1 Documentation
Quick Start
Integration with Sec1
External Integrations
Static Application Security Testing
- SAST Java Rules
- SAST JavaScript Rules
SBOM Scanner
- Config
- Scan
CISO Console
Pricing & Billing
CVE API

Powered by GitBook

On this page

Overview
Description
Remediation Guidelines
References
Configuration

Static Application Security Testing

SAST JavaScript Rules

Usage of vulnerable marked package

PreviousUsage of vulnerable DOMPurify package NextUsage of weak encryption algorithm (DES)

Last updated 8 months ago

Overview

Rule ID: javascript_third_parties_marked
Applicable Languages: Javascript
Weakness ID: CWE-1333

Description

For versions of Marked prior to 2.0.0, there is a vulnerability to Regular Expression Denial of Service (ReDoS) attacks.

Remediation Guidelines

Do upgrade marked to version 2.0.0 or greater.

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our

Vulnerability explained

CWE-1333: Inefficient Regular Expression Complexity