F-loat / vue-simplemde

📝 Vue SimpleMDE - use simplemde with vue.js
https://F-loat.github.io/vue-simplemde/dist/demo.html
MIT License

Vulnerable to Regular Expression Denial of Service #67

Status: Closed (paulhennell closed this issue 5 years ago)

paulhennell commented 5 years ago

This project brings in Marked ^0.3.6 which NPM warns is vulnerable to regular expression denial of service: https://www.npmjs.com/advisories/812

Marked should be updated to >=0.6.2 to avoid this.
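An added example, not part of the original comment and not the project's code: a small audit helper showing why the `^0.3.6` range cannot pick up the fix on its own (npm treats a caret on a `0.x` version as pinning the minor, so `^0.3.6` means `>=0.3.6 <0.4.0`) and how to find nested copies of `marked` below `0.6.2` in a lockfile-style dependency tree. The lockfile fragment, the `editor-wrapper` package name and all function names are constructed for illustration.

```javascript
// Added example: plain x.y.z versions only (no pre-release tags); sample data is constructed.
const FIXED = '0.6.2'; // minimum marked version named in the issue above
const parse = (v) => v.split('.').map(Number);

// Compare two x.y.z versions: negative, zero or positive.
function cmp(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Exclusive upper bound of a caret range: the left-most non-zero part stays fixed.
function caretCeiling(range) {
  const [maj, min, pat] = parse(range.replace(/^\^/, ''));
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;
  return `0.0.${pat + 1}`;
}

// True when at least one version allowed by the caret range is >= the fixed version.
function rangeCanReachFix(range, fixed = FIXED) {
  return cmp(caretCeiling(range), fixed) > 0;
}

// Walk a nested "dependencies" tree and list every copy of `name` below the fix.
function findVulnerable(tree, name = 'marked', fixed = FIXED, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(tree || {})) {
    const here = [...path, dep];
    if (dep === name && cmp(info.version, fixed) < 0) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    hits.push(...findVulnerable(info.dependencies, name, fixed, here));
  }
  return hits;
}

// Constructed lockfile fragment: one nested vulnerable copy, one fixed top-level copy.
const sampleLock = {
  dependencies: {
    'editor-wrapper': { version: '1.0.0', dependencies: { marked: { version: '0.3.19' } } },
    marked: { version: '0.6.2' },
  },
};

console.log('^0.3.6 can reach fix:', rangeCanReachFix('^0.3.6'));
console.log(findVulnerable(sampleLock.dependencies));
```

Because the range itself excludes the fixed release, reinstalling or refreshing the lockfile is not enough; the dependency declaration has to change.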