CVE-2017-17461 – marked

Package

Manager: npm
Name: marked
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Moderate severity vulnerability that affects marked # Withdrawn This advisory has been withdrawn, per NVD: ["This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue."](https://nvd.nist.gov/vuln/detail/CVE-2017-17461) # Original Description A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

Metadata

Created: 2018-01-04T21:04:09Z
Modified: 2021-12-02T22:47:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/01/GHSA-crmx-v835-hcp4/GHSA-crmx-v835-hcp4.json
CWE IDs: []
Alternative ID: GHSA-crmx-v835-hcp4
Finding: N/A
Auto approve: 0