Skip to main content

Marked

4 CVEs product

Monthly

CVE-2018-25110 npm MEDIUM POC PATCH This Month

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Marked
NVD GitHub
CVSS 4.0
6.9
EPSS
0.8%
CVE-2021-21306 npm HIGH PATCH This Week

Marked is an open-source markdown parser and compiler (npm package "marked"). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Marked
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2015-8854 npm HIGH PATCH This Week

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Marked Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2015-1370 npm MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Node.js Marked
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
EPSS 1% CVSS 6.9
MEDIUM POC PATCH This Month

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Marked
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Marked is an open-source markdown parser and compiler (npm package "marked"). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Marked
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Marked +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Node.js Marked
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy