Vulnerability 812 in marked dependency
Expected Behavior
npm audit should succeed
Actual Behavior
┌───────────────┬────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service   │
├───────────────┼────────────────────────────────────────┤
│ Package       │ marked                                 │
├───────────────┼────────────────────────────────────────┤
│ Patched in    │ >=0.6.2                                │
├───────────────┼────────────────────────────────────────┤
│ Dependency of │ contentful-cli                         │
├───────────────┼────────────────────────────────────────┤
│ Path          │ contentful-cli > markdown-cli > marked │
├───────────────┼────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/812       │
└───────────────┴────────────────────────────────────────┘
Possible Solution
Upgrade the markdown-cli / marked dependency.
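As an added example (not code from the issue or from contentful-cli), the script below walks a dependency tree in the shape that `npm ls --json` prints and reports every copy of marked below the patched version, together with the parent chain that pulls it in, which is the same path the audit table shows. The tree and the versions in it are constructed for the example.

```javascript
// Added example, not from the issue or contentful-cli: walk an `npm ls --json`
// dependency tree and report each copy of a package below the patched version,
// with the chain of parents that pulls it in (as the audit "Path" row shows).
const PATCHED_MARKED = '0.6.2'; // "Patched in >=0.6.2" from advisory 812

// Numeric compare of dotted release versions; pre-release tags are ignored,
// which is enough for the release versions npm audit reports here.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Recursively collect every `pkg` whose version is below `patched`.
// Nested copies matter: a patched top-level copy does not fix a nested one.
function findVulnerable(tree, pkg, patched, path = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    if (name === pkg && compareVersions(node.version, patched) < 0) {
      hits.push({ version: node.version, path: here.join(' > ') });
    }
    hits.push(...findVulnerable(node, pkg, patched, here));
  }
  return hits;
}

// Constructed tree in the `npm ls --json` shape, matching the audit path
// contentful-cli > markdown-cli > marked. Versions are sample values.
const sampleTree = {
  dependencies: {
    'contentful-cli': {
      version: '1.2.2',
      dependencies: {
        'markdown-cli': {
          version: '0.0.0-constructed',
          dependencies: { marked: { version: '0.3.19' } },
        },
      },
    },
    marked: { version: '0.7.0' }, // patched top-level copy, not reported
  },
};

console.log(findVulnerable(sampleTree, 'marked', PATCHED_MARKED));
```

On a real project, feed it `JSON.parse` of the `npm ls --all --json` output instead of `sampleTree`; an empty result means no nested copy of marked is below 0.6.2.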
Issue Analytics
- Created 4 years ago
- Comments: 5 (2 by maintainers)
Top GitHub Comments
This will be fixed in the next release of the CLI
Still seeing this on contentful-cli@1.2.2 – did this actually get resolved? markdown-cli seems to be a totally abandoned package that is never going to upgrade its dependencies. Can it be replaced with something else? CC @jroehl