CVE-2021-21306

Severity: Medium
Remote: Yes
Type: Denial of service
Description
In marked, from version 1.1.1 up to but not including version 2.0.0, there is a regular expression denial of service (ReDoS) vulnerability. It can affect anyone who runs user-generated code through marked. The vulnerability is fixed in version 2.0.0.
Group     Package   Affected  Fixed    Severity  Status  Ticket
AVG-1908  hedgedoc  1.7.2-3   1.8.0-1  Medium    Fixed
AVG-1548  marked    1.2.9-1   2.0.0-1  Medium    Fixed
References
https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
https://github.com/markedjs/marked/issues/1927
https://github.com/markedjs/marked/pull/1864
https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd