Usage of vulnerable marked package

  • Rule ID: javascript_third_parties_marked
  • Languages: javascript
  • Source: marked.yml

Description

Versions of marked earlier than 2.0.0 contain a Regular Expression Denial of Service (ReDoS) vulnerability.

Remediations

  • Do upgrade marked to version 2.0.0 or greater.
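
Upgrading the direct dependency does not remove an older copy of marked that another package installs under its own node_modules. The following added example (not Bearer's rule logic or code from the marked project) walks a parsed package-lock.json and lists every installed copy below 2.0.0; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not Bearer's rule logic): list installed copies of marked
// below 2.0.0 in a parsed package-lock.json, including nested transitive copies.

// True when a concrete version such as "1.2.9" or "2.0.0-rc.1" sorts below 2.0.0.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // not a plain semver (git URL, tarball): flag for review
  const major = Number(m[1]);
  if (major !== 2) return major < 2;
  // a 2.0.0 prerelease sorts before 2.0.0 itself
  return m[2] === '0' && m[3] === '0' && m[4] !== undefined;
}

function findVulnerableMarked(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/marked$/.test(path) && isVulnerable(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  if (lock.packages) return hits; // v2 "dependencies" repeats the same tree
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'marked' && isVulnerable(entry.version)) {
        hits.push({ path, version: entry.version });
      }
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/marked': { version: '4.0.10' },
    'node_modules/docs-tool/node_modules/marked': { version: '1.2.9' },
    'node_modules/@scope/marked': { version: '0.1.0' },
  },
};

console.log(findVulnerableMarked(SAMPLE_LOCK));
```

In a real project, pass the result of `JSON.parse` on the contents of package-lock.json instead of `SAMPLE_LOCK`.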

References

Associated CWE

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=javascript_third_parties_marked

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=javascript_third_parties_marked