HIGH🇬🇧 English

CVE-2017-16114

CVSS 7.5v3.0pub. 2018-06-07upd. 2024-11-21

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Marked Project Marked

    APP
    Marked Project
    < 0.3.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-41680HIGH8.7ten sam produkt

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerabil...

CVE-2022-21680HIGH7.5ten sam produkt

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may caus...

CVE-2022-21681HIGH7.5ten sam produkt

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearc...

CVE-2015-8854HIGH7.5ten sam produkt

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) vi...

CVE-2018-25110MEDIUM6.9ten sam produkt

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to c...