CVE-2022-21681 - Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.re

CVE-2022-21681

Summary

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

References

Vulnerable Configurations

cpe:2.3:a:marked_project:marked:0.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.0.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.1.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.2-1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.2-1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.4-1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.4-1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.5c:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.5c:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.10:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.2.10:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.12:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.12:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.13:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.13:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.14:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.14:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.15:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.15:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.16:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.16:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.17:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.17:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.18:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.18:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.19:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.3.19:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.4.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.4.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.5.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.5.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.5.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.5.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.5.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.5.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.6.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.7.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.7.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.8.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.8.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.8.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.8.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.8.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:0.8.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.2.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.20:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:1.20:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:2.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:3.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.9:*:*:*:*:node.js:*:*
cpe:2.3:a:marked_project:marked:4.0.9:*:*:*:*:node.js:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 24-07-2023 - 13:54)
Impact:
Exploitability:

CWE

CWE-1333

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

Last major update

24-07-2023 - 13:54

Published

14-01-2022 - 17:15

Last modified

24-07-2023 - 13:54