npm

Severity: high

Regular Expression Denial of Service

marked

Overview

Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service ( ReDoS ) vulnerability when passed inputs that reach the em inline rule.

Remediation

Update to version 0.3.4 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. reported

    Initial report by Barış Soner Uşaklı
    Oct 17th, 2015
  2. published

    Advisory published
    Jan 22nd, 2015