CVE-2017-17461 — Project Marked vulnerability

5 documents3 sources

Severity

—MEDIUM

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Marked Project Marked

Timeline

PublishedJan 4

Description

Moderate severity vulnerability that affects marked # Withdrawn This advisory has been withdrawn, per NVD: ["This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue."](https://nvd.nist.gov/vuln/detail/CVE-2017-17461) # Original Description A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a malic…

Affected Packages1 packages

▶npmmarked_project/marked< 0.3.9

🔴Vulnerability Details

GHSA

Moderate severity vulnerability that affects marked↗2018-01-04

▶

OSV

Moderate severity vulnerability that affects marked↗2018-01-04

▶

💬Community

Bugzilla

CVE-2017-17461 marked: ReDoS in marked.js [epel-all]↗2017-12-11

▶

Bugzilla

CVE-2017-17461 marked: ReDoS in marked.js [fedora-all]↗2017-12-11

▶

Bugzilla

CVE-2017-17461 marked: ReDoS in marked.js↗2017-12-11

▶