Vulnerability Database

300,445

Total vulnerabilities in the database

Marked ReDoS due to email addresses being evaluated in quadratic time

Versions of marked from 0.3.14 until 0.6.2 are vulnerable to Regular Expression Denial of Service. Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.

Recommendation

Upgrade to version 0.6.2 or later.

Published: Jun 5, 2019
Updated: Apr 14, 2023
GHSA: GHSA-xf5p-87ch-gxw2
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
marked	0.3.14	0.6.2

https://github.com/markedjs/marked/commit/b15e42b67cec9ded8505e9d68bb8741ad7a9590d
https://github.com/markedjs/marked/pull/1460
https://github.com/markedjs/marked/releases/tag/v0.6.2
https://snyk.io/vuln/SNYK-JS-MARKED-174116
https://www.npmjs.com/advisories/812

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo