vulnerability

Debian: CVE-2018-25110: node-marked -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	May 28, 2025	May 28, 2025	May 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

May 28, 2025

Added

May 28, 2025

Modified

May 28, 2025

Description

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.

Solution

debian-upgrade-node-marked

References

CVE-2018-25110
https://attackerkb.com/topics/CVE-2018-25110

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today