Regular Expression Denial of Service

Module: marked

Published: January 22nd, 2015

Reported by: Barış Soner Uşaklı

CVE-2015-8854

CWE-400

Vulnerable: <=0.3.3
Patched: >=0.3.4

Overview

Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service (ReDoS) vulnerability when passed inputs that reach the em inline rule.

Remediation

Update to version 0.3.4 or later.
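
One way to check a project against the affected range, as an added example that is not part of the original advisory: the script walks a parsed npm lockfile and reports every marked install at 0.3.3 or earlier. The function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored as a simplification.

```javascript
// Added example: flag installs of marked in the advisory's vulnerable range (<=0.3.3).
const LAST_VULNERABLE = [0, 3, 3]; // from the advisory: Vulnerable <=0.3.3, Patched >=0.3.4

// Parse "major.minor.patch", ignoring any pre-release/build suffix (simplification).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function isVulnerableMarked(version) {
  const parts = parseVersion(version);
  if (!parts) return true; // unparseable version: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== LAST_VULNERABLE[i]) return parts[i] < LAST_VULNERABLE[i];
  }
  return true; // exactly 0.3.3
}

// Accepts a parsed package-lock.json. Uses the flat "packages" map (lockfile v2/v3)
// when present, otherwise walks the nested "dependencies" tree (lockfile v1).
function findVulnerableMarked(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [loc, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/marked$/.test(loc) && isVulnerableMarked(info.version)) {
        hits.push({ path: loc, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === 'marked' && isVulnerableMarked(info.version)) {
        hits.push({ path: path.join(' > '), version: info.version });
      }
      walk(info.dependencies, path); // transitive copies nested under a parent
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (v1 layout), not taken from the advisory.
const sampleLock = {
  dependencies: {
    marked: { version: '0.3.5' },
    'docs-tool': { version: '1.2.0', dependencies: { marked: { version: '0.3.2' } } },
  },
};
console.log(findVulnerableMarked(sampleLock));
```

Transitive copies matter here: a patched top-level marked does not update an older copy pinned under another dependency.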

References

Regular Expression Denial of Service - OWASP
Issue 497