Regular Expression Denial of Service in Marked Module by Chjj
CVE-2017-16114

7.5HIGH

Key Information:

Vendor: Hackerone
Status: Marked Node Module
Vendor: CVE Published:; 7 June 2018

What is CVE-2017-16114?

The Marked module, developed by Chjj, is susceptible to a regular expression denial of service (ReDoS) attack, which can be exploited by sending specially crafted input. This vulnerability can cause the processing of up to 1,000 characters to stall for approximately 6 seconds, effectively denying service to legitimate users. It is crucial for developers using this module to be aware of this risk and apply necessary patches to mitigate potential impacts.

Affected Version(s)

marked node module All versions

References

https://nodesecurity.io/advisories/531

x_refsource_MISC

https://github.com/chjj/marked/issues/937

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2018
Vulnerability Reserved
Oct 29, 2017

Hackerone

What is CVE-2017-16114?

Affected Version(s)

References

CVSS V3.1

Timeline