  1. Nuxeo Web UI
  2. WEBUI-1524

[MARKED] SRCCLR-SID-6127 | Unknown


    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web UI

      Description

      SRCCLR-SID-6127 | Unknown

      Severity : Medium

      marked is vulnerable to regular expression denial-of-service (ReDoS) attacks. The regex used in `lib/marked.js` to parse `heading` causes catastrophic backtracking, allowing a malicious input to consume resources and cause a ReDoS attack.

      Module : marked

      nuxeo-web-ui.zip#zip:node_modules:marked

      Current Version : 0.3.19

      Recommended version to upgrade : 12.0.2 ( Latest )

       
