Lucene search
K

6 matches found

CVE
CVE
added 2022/01/14 12:0 a.m.203 views

CVE-2022-21680

CVE-2022-21680 affects the Node.js Marked markdown parser. Prior to 4.0.10, regex block.def can cause catastrophic backtracking leading to ReDoS when processing untrusted markdown; patch is 4.0.10. Workarounds include running Marked in a worker thread with a reasonable time limit or avoiding untr...

7.5CVSS7.2AI score0.02828EPSS
CVE
CVE
added 2022/01/14 12:0 a.m.176 views

CVE-2022-21681

CVE-2022-21681 affects the Marked markdown parser. The vulnerability is caused by the regular expression inline.reflinkSearch, which may cause catastrophic backtracking and a denial of service when processing untrusted Markdown. Affected versions are prior to 4.0.10. The issue is patched in 4.0.1...

7.5CVSS7.2AI score0.02743EPSS
CVE
CVE
added 2020/01/06 7:41 p.m.101 views

CVE-2014-3743

CVE-2014-3743 affects the Node.js Marked module (before 0.3.1). The vulnerability is due to cross-site scripting in two vectors: gfm codeblocks (language) and javascript: URLs, allowing remote attackers to inject arbitrary script/HTML. The OSV and NVD records corroborate XSS in Marked prior to 0....

6.1CVSS5.9AI score0.01715EPSS
CVE
CVE
added 2017/01/23 9:0 p.m.76 views

CVE-2015-8854

CVE-2015-8854 details (concrete): The vulnerability affects the Node.js marked module prior to 0.3.4. It enables a denial of service (CPU exhaustion) via unspecified vectors that trigger a catastrophic backtracking issue in the Em inline rule, i.e., a ReDoS. Affected products in public docs inclu...

7.8CVSS7.1AI score0.04334EPSS
CVE
CVE
added 2018/06/07 2:0 a.m.72 views

CVE-2017-16114

CVE-2017-16114 affects the marked Markdown parser module. Vulnerable behavior is a regular expression denial of service when processing untrusted input; measurements report about 1,000 characters blocking the event loop for around 6 seconds. Affected environments are those that install the marked...

7.5CVSS7.3AI score0.01758EPSS
CVE
CVE
added 2025/05/23 2:53 p.m.57 views

CVE-2018-25110

CVE-2018-25110 affects the markedjs/marked parser. The vulnerability stems from catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links, allowing a Regular Expression Denial of Service (ReDoS) via crafted markdown input (e.g., deeply nested or repeti...

7.5CVSS6.3AI score0.00493EPSS