CVE-2018-25110 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expres…
Medium CVSS: 6.9

CVE-2018-25110

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.
Vendor
Marked Project
Product
Marked
CWE
CWE-1333
Yayın Tarihi
2025-05-23 15:15:20
Güncelleme
2025-08-13 15:42:28
Source Identifier
596c5446-0ce5-4ba2-aa66-48b3b757a647
KEV Date Added
-

Kategoriler

CWE-1333 Marked MEDIUM Marked Project 2025

Referanslar

https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2018/CVE-2018-25110 https://github.com/markedjs/marked/commit/20bfc106013ed45713a21672ad4a34df94dcd485 https://github.com/markedjs/marked/issues/1070 https://github.com/markedjs/marked/pull/1083