Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: marked-man

Found 1 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2018-25110
updated 10 months, 3 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 10 months, 3 weeks ago
  • @fricklerhandwerk accepted 10 months, 3 weeks ago
  • @fricklerhandwerk published on GitHub 10 months, 3 weeks ago
Regular Expression Denial of Service (ReDoS) in markedjs/marked

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.

Affected products

marked
  • <0.3.17

Matching in nixpkgs

pkgs.marked-man

Markdown to roff wrapper around marked

Package maintainers