PT-2015-3416 · Marked

Published: 2015-01-22 · Updated: 2024-02-09 · CVE-2015-8854

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: marked, versions 0.3.3 and earlier

Description: The issue stems from errors in resource management that allow a remote attacker to cause a denial of service. It is triggered through unspecified vectors that cause a "catastrophic backtracking issue for the em inline rule", also known as a regular expression denial of service (ReDoS). The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents in which this issue was exploited.

Recommendations: Update to version 0.3.4 or later. As a temporary workaround, consider restricting the use of the em inline rule in the marked package until a patch is available. Avoid processing inputs that may trigger the catastrophic backtracking issue in the affected versions.
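The following is an added example, not code from the PT advisory or from the marked project, showing how a defender can act on the "0.3.4 or later" recommendation: it compares a marked version against the first fixed release and walks a package-lock.json-style dependency tree (both the lockfile v1 "dependencies" layout and the v2/v3 "packages" layout are assumed) to report every nested copy that is still in the affected range. The sample lockfile is constructed for illustration; only the fixed version 0.3.4 comes from the advisory.

```javascript
// Added example (not from the PT advisory or the marked project): report copies
// of marked that are still in the affected range, i.e. below the fixed release.

const FIXED_VERSION = "0.3.4"; // first fixed release per the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease]" (optional leading "v"); throws on malformed input.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Compare two versions; returns -1, 0 or 1. A prerelease sorts below its release,
// so "0.3.4-beta.1" is still treated as older than the fix.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (const k of ["major", "minor", "patch"]) {
    if (x[k] !== y[k]) return x[k] < y[k] ? -1 : 1;
  }
  if (x.pre === y.pre) return 0;
  if (x.pre === null) return 1;
  if (y.pre === null) return -1;
  return x.pre < y.pre ? -1 : x.pre > y.pre ? 1 : 0;
}

// True when the given marked version predates the fix named in the advisory.
function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Walk a lockfile object and list every affected copy of marked with its path.
// Assumed layouts: lockfile v1 (nested "dependencies") and v2/v3 (flat "packages").
function findAffectedMarked(lock) {
  const hits = [];
  // v2/v3: keys look like "node_modules/marked" or "node_modules/foo/node_modules/marked"
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/marked$/.test(path) && info.version && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // v1: recurse through nested "dependencies" objects, building the install path
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "marked" && info.version && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not a real project): the top-level marked is fixed,
// but a transitive dependency still pins the vulnerable 0.3.3.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    marked: { version: "0.3.4" },
    "legacy-docs": {
      version: "1.0.0",
      dependencies: { marked: { version: "0.3.3" } },
    },
  },
};

console.log(findAffectedMarked(SAMPLE_LOCK));
// one hit: node_modules/legacy-docs/node_modules/marked @ 0.3.3
```

The nested walk matters in practice: `npm ls marked` style checks that only look at the top-level dependency would report 0.3.4 and miss the older copy a transitive dependency still pulls in, which is exactly the copy a markdown-rendering code path may end up using.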

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2022-01720
CVE-2015-8854
GHSA-HJCP-J389-59FF

Affected Products

Marked