Home > Vulnerability Database > WS-2019-0024

Mend.io Vulnerability Database

WS-2019-0024

Good to know:

Date: January 13, 2019

A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Input to the host variable is vulnerable when input contains parenthesis in link URIs, coupled with a high number of link tokens in a single line.

Language: JS

Severity Score

5.4

Related Resources (3)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1679550

Url: https://github.com/Feder1co5oave/marktex/commit/cc8a45288b59ca10a8fedaed9028072021be9999

Url: https://www.mend.io/vulnerability-database/WS-2019-0024

Severity Score

5.4

Weakness Type (CWE)

Incorrect Regular Expression

CWE-185

Top Fix

Upgrade Version

Upgrade to version 0.6.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2019-0024

Good to know:

Date: January 13, 2019

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?