PT-2018-6518 · Npm · Marked

Published: 2017-12-08 · Updated: 2018-02-06 · CVE-2017-17461

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: marked versions prior to the version where the issue was fixed
Description: A Regular expression Denial of Service (ReDoS) issue in the marked.js file of the marked npm package allows a remote attacker to overload and crash a server by passing a maliciously crafted string.
Recommendations: For marked versions prior to the version where the issue was fixed, update to a version where the ReDoS vulnerability in the marked.js file has been addressed.

Related Identifiers

CVE-2017-17461
GHSA-CRMX-V835-HCP4

Affected Products

Marked