earldouglas / codedown

Extract code blocks from Markdown files
MIT License
79 stars 5 forks

Upgrade marked to a secure version #5

Closed earldouglas closed 5 years ago

earldouglas commented 5 years ago

WS-2019-0027

Vulnerable versions: < 0.3.18

Patched version: 0.3.18

In versions 0.3.17 and earlier of marked, four regexes were vulnerable to catastrophic backtracking. This leaves markdown servers open to a potential ReDoS attack.
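
A dependency check for the version bound in the advisory above, as an added example that is not part of this pull request or the codedown project: it walks a parsed `package-lock.json` and reports every resolved copy of `marked` below 0.3.18, including copies nested under other packages. The lockfile contents and the `docs-tool` package name are constructed for illustration.

```javascript
// Patched version comes from the advisory quoted above.
const PATCHED = [0, 3, 18];

// Parse "major.minor.patch"; pre-release and build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return true; // git/tarball specifier etc.: report for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] < PATCHED[i];
  }
  return false; // exactly 0.3.18
}

// Return every resolved copy of `marked` below the patched version.
function findVulnerableMarked(lock) {
  const hits = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/marked$/.test(path) && isVulnerable(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits;
  }
  (function walk(deps, prefix) { // lockfileVersion 1: nested tree
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "marked" && isVulnerable(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, `${path}/`);
    }
  })(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not taken from this repository).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  marked: { version: "0.3.18" },
  "docs-tool": { version: "1.0.0", dependencies: { marked: { version: "0.3.6" } } } } };
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app" }, "node_modules/marked": { version: "0.3.17" },
  "node_modules/marked-terminal": { version: "3.0.0" } } };
console.log(findVulnerableMarked(sampleV1), findVulnerableMarked(sampleV3));
```

A transitive copy is the case a top-level `package.json` bump misses, which is why the check reads the lockfile rather than the declared range.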

coveralls commented 5 years ago

Coverage remained the same at 100.0% when pulling aa96bfcbc27763584fec43d31c853d016d06e2e0 on WS-2019-0027 into becb3ddf1f98d3efe6089e4ba90953637ad8897e on master.