Regular Expression Denial of Servicemarked
Affected versions of
marked are vulnerable to a regular expression denial of service.
The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds.
Update to version 0.3.9 or later.
publishedAdvisory publishedSep 21st, 2017
reportedInitial report by Cristian-Alexandru StaicuSep 21st, 2017