6 matches found
CVE-2022-21680
CVE-2022-21680 affects the Node.js Marked markdown parser. Prior to 4.0.10, regex block.def can cause catastrophic backtracking leading to ReDoS when processing untrusted markdown; patch is 4.0.10. Workarounds include running Marked in a worker thread with a reasonable time limit or avoiding untr...
CVE-2022-21681
CVE-2022-21681 affects the Marked markdown parser. The vulnerability is caused by the regular expression inline.reflinkSearch, which may cause catastrophic backtracking and a denial of service when processing untrusted Markdown. Affected versions are prior to 4.0.10. The issue is patched in 4.0.1...
CVE-2014-3743
CVE-2014-3743 affects the Node.js Marked module (before 0.3.1). The vulnerability is due to cross-site scripting in two vectors: gfm codeblocks (language) and javascript: URLs, allowing remote attackers to inject arbitrary script/HTML. The OSV and NVD records corroborate XSS in Marked prior to 0....
CVE-2015-8854
CVE-2015-8854 details (concrete): The vulnerability affects the Node.js marked module prior to 0.3.4. It enables a denial of service (CPU exhaustion) via unspecified vectors that trigger a catastrophic backtracking issue in the Em inline rule, i.e., a ReDoS. Affected products in public docs inclu...
CVE-2017-16114
CVE-2017-16114 affects the marked Markdown parser module. Vulnerable behavior is a regular expression denial of service when processing untrusted input; measurements report about 1,000 characters blocking the event loop for around 6 seconds. Affected environments are those that install the marked...
CVE-2018-25110
CVE-2018-25110 affects the markedjs/marked parser. The vulnerability stems from catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links, allowing a Regular Expression Denial of Service (ReDoS) via crafted markdown input (e.g., deeply nested or repeti...