GHSA-x5pg-88wf-qq4p

GitHub Security Advisory

Regular Expression Denial of Service in marked

✓ GitHub Reviewed | HIGH | Has CVE

Advisory Details

Affected versions of `marked` are vulnerable to a regular expression denial of service.

The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds.

## Recommendation

Update to version 0.3.9 or later.

Affected Packages

npm marked
Affected versions: all versions before 0.3.9 (fixed in 0.3.9)

Key Information

GHSA ID: GHSA-x5pg-88wf-qq4p
Published: July 24, 2018 8:10 PM
Last Modified: September 7, 2023 10:11 PM
CVSS Score: 7.5/10
Primary Ecosystem: npm
Primary Package: marked
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.