Homepage

Overly Restrictive Regular Expression The advisory has been revoked - it doesn't affect any version of package grafana-loki  (opens in a new tab)

Threat Intelligence

Exploit Maturity
Not Defined
EPSS
0.2% (59th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL8-GRAFANALOKI-2809924
  • published7 May 2022
  • disclosed14 Jan 2022
Report a new vulnerability Found a mistake?

Introduced: 14 Jan 2022

CVE-2022-21681  (opens in a new tab)
CWE-186  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream grafana-loki package and not the grafana-loki package as distributed by RHEL.

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.