漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Denial of Service in Marked
Vulnerability Description
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
marked 资源管理错误漏洞
Vulnerability Description
marked是美国Christopher Jeffrey个人开发者的一款使用JavaScript编写的Markdown解析器和编译器。 Marked 1.1.1及2.0.0之前版本中存在资源管理错误漏洞,该漏洞可以影响任何通过标记运行用户生成代码的用户。
CVSS Information
N/A
Vulnerability Type
N/A