
Rewterz Threat Advisory – Multiple Node.js marked module Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-21681 

The Node.js marked module is vulnerable to a regular expression denial of service (ReDoS) flaw in inline.reflinkSearch. By sending specially crafted input that is matched against this regular expression, a remote attacker could cause a denial of service condition.

CVE-2022-21680 

The Node.js marked module is vulnerable to a regular expression denial of service (ReDoS) flaw in block.def. By sending specially crafted input that is matched against this regular expression, a remote attacker could cause a denial of service condition.

Impact

  • Denial of Service

Affected Vendors

Node.js

Affected Products

  • Node.js marked 4.0.9

Remediation

Upgrade to the latest version of Marked, available from the Marked Git repository.

https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf