Dependency Marked 1.2.9 npm module is having a high vulnerability open #177

ShilpaJalaja · 2022-05-18T03:09:30Z

Dependency module Marked 1.2.9 npm module is having a high vulnerability open.
GHSA-rrrm-qjm4-v8hf
Marked-1.2.9 is a transient dependency for parent module docsify-cli.
docsify-cli latest version is 4.4.4 which is still using marked-1.2.9 .

Request you move to upgrade dependency module Marked with version > 4.0.10 so that the vulnerability can be fixed and consumers of docsify-cli can use the latest version with no vulnerabilities

yanxin152133 · 2022-05-28T19:27:53Z

C:\Windows\system32>npm audit

npm audit report

marked <=4.0.9
Severity: high
Inefficient Regular Expression Complexity in marked - GHSA-5v2h-r2cx-5xgj
Inefficient Regular Expression Complexity in marked - GHSA-rrrm-qjm4-v8hf
Regular Expression Denial of Service (REDoS) in Marked - GHSA-4r62-v4vq-hr96
No fix available
node_modules/docsify/node_modules/marked
docsify *
Depends on vulnerable versions of marked
node_modules/docsify
docsify-cli *
Depends on vulnerable versions of docsify
Depends on vulnerable versions of docsify-server-renderer
node_modules/docsify-cli
docsify-server-renderer >=4.8.1
Depends on vulnerable versions of docsify
node_modules/docsify-server-renderer

4 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependency Marked 1.2.9 npm module is having a high vulnerability open #177

Dependency Marked 1.2.9 npm module is having a high vulnerability open #177

ShilpaJalaja commented May 18, 2022

yanxin152133 commented May 28, 2022

Dependency Marked 1.2.9 npm module is having a high vulnerability open #177

Dependency Marked 1.2.9 npm module is having a high vulnerability open #177

Comments

ShilpaJalaja commented May 18, 2022

yanxin152133 commented May 28, 2022

npm audit report