GMS-2020-746: Regular Expression Denial of Service in marked

September 3, 2020

Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The _label subrule may significantly degrade parsing performance of malformed input.

Recommendation

Upgrade to version 0.7.0 or later.

References

github.com/advisories/GHSA-ch52-vgq2-943f
www.npmjs.com/advisories/1076

Detect and mitigate GMS-2020-746 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →