The marked package prior to 0.3.4 for Node.js allows malicious users to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
marked project marked |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |