Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-1525

[MARKED] SRCCLR-SID-13630 | Unknown

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web UI

      Description

      SRCCLR-SID-13630 | Unknown

      Severity : Medium

      marked is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists as the `inline.text` regex could require a quadratic time to complete a scan, causing ReDoS.

      Module : marked

      nuxeo-web-ui.zip#zip:node_modules:marked

      Current Version : 0.3.19

      Recommended version to upgrade : 12.0.2 ( Latest )

       

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: