EIQ-2019-0024#

ID	EIQ-2019-0024
CVE	-
Description	marked is vulnerable to regular expression denial of service
Date	29 Apr 2019
Severity	2 - MEDIUM
CVSSv3 score	CVSSv3 score not available on NIST NVD.
Status	✅ 2.5.0
Assessment	marked versions 0.3.14 and later, and versions 0.6.1 and earlier, is vulnerable to regular expression denial of service (ReDoS). It may take quadratic time for the inline.text regex to scan for possible email addresses. This may result in a denial of service (CPU consumption).
Mitigation	Upgrade marked to version 0.6.2 or later.
Affected versions	2.3.4 and 2.4.0
Notes	For more information, see: npm security advisory about the vulnerability Snyk report about the vulnerability GitHub pull request with the bug fix