Severity: high

Regular Expression Denial of Service

marked

Overview

Affected versions of marked are vulnerable to a regular expression denial of service.

The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds.

Remediation

Update to version 0.3.9 or later.
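
One way to act on this remediation across a dependency tree, as an added example that is not part of the advisory or the marked project: it scans a parsed `package-lock.json` for every installed copy of marked, including nested ones, and reports those below 0.3.9. The sample lockfile and the package names `doc-tool` and `md-view` are constructed for illustration.

```javascript
const FIXED = [0, 3, 9]; // fixed marked release, from the advisory's remediation

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelowFixed(v) {
  const p = parseVersion(v);
  if (!p) return true; // git URL or tag: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return false;
}

// Walk both lockfile layouts: the flat "packages" map (lockfileVersion 2/3)
// and the nested "dependencies" tree (lockfileVersion 1).
function findVulnerableMarked(lock) {
  const hits = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/marked$/.test(path) && isBelowFixed(pkg.version)) {
      hits.push({ path, version: pkg.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "marked" && isBelowFixed(pkg.version)) {
        hits.push({ path, version: pkg.version });
      }
      walk(pkg.dependencies, path + "/"); // nested installs of this package
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // avoid double counting in v2
  return hits;
}

// Constructed sample lockfile (hypothetical package names, not from the advisory).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    marked: { version: "0.3.6" },
    "doc-tool": { version: "1.0.0", dependencies: { marked: { version: "0.3.9" } } },
    "md-view": { version: "2.1.0", dependencies: { marked: { version: "0.3.5" } } }
  }
};
console.log(findVulnerableMarked(sampleLock));
```

Feed it the result of `JSON.parse` on a real lockfile; a nested copy pulled in by another package needs that package updated or the copy overridden, since bumping the top-level dependency alone leaves it in place.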


Advisory timeline

  1. published

    Advisory published
    Sep 21st, 2017
  2. reported

    Initial report by Cristian-Alexandru Staicu
    Sep 21st, 2017