### [CVE-2021-21306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21306)
![](https://img.shields.io/static/v1?label=Product&message=marked&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%201.1.1%2C%20%3C%202.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=%7B%22CWE-400%22%3A%22Uncontrolled%20Resource%20Consumption%22%7D&color=brightgreen)

### Description

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/engn33r/awesome-redos-security