Severity: high

Regular Expression Denial of Service

marked

Overview

Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service (ReDoS) vulnerability when passed inputs that reach the em inline rule.

Remediation

Update to version 0.3.4 or later.
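
To find out whether a project still installs an affected copy, including copies pulled in transitively, the following added example (not part of the original advisory or of the marked project) scans a parsed npm lockfile for marked at version 0.3.3 or earlier. The function names and the sample lockfile are constructed for illustration; the version boundary comes from the advisory.

```javascript
// Added example: find installed copies of marked at or below 0.3.3 in an npm lockfile.
const LAST_AFFECTED = [0, 3, 3]; // from the advisory: 0.3.3 and earlier are affected

// Parse "major.minor.patch", ignoring any prerelease/build suffix; null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // git URL or tag instead of a version: review by hand
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 0.3.3
}

// Walk both lockfile layouts: "packages" (lockfileVersion 2/3, keyed by install
// path) and nested "dependencies" (lockfileVersion 1). Results are deduplicated by path.
function findAffectedMarked(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/marked$/.test(path) && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      const seen = hits.some((h) => h.path === path);
      if (name === 'marked' && !seen && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from the advisory).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    marked: { version: '0.3.5' },
    'docs-tool': { version: '1.0.0', dependencies: { marked: { version: '0.3.3' } } },
    'old-blog': { version: '2.1.0', dependencies: { marked: { version: '0.2.10' } } },
  },
};
console.log(findAffectedMarked(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample object; a nested hit means the parent package must be updated or the dependency overridden, since upgrading the top-level marked alone leaves that copy in place.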

Advisory timeline

  1. reported: Oct 17th, 2015
  2. published: Advisory published, Jan 22nd, 2015