Description

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.

INFO

Published Date :

2025-05-23T14:53:43.335Z

Last Modified :

2025-05-23T15:09:17.479Z

Source :

Checkmarx
AFFECTED PRODUCTS

The following products are affected by CVE-2018-25110 vulnerability.

Vendors Products
Marked Project
  • Marked
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2018-25110.

URL Resource
https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2018/CVE-2018-25110 cve-icon cve-icon
https://github.com/markedjs/marked/commit/20bfc106013ed45713a21672ad4a34df94dcd485 cve-icon cve-icon
https://github.com/markedjs/marked/issues/1070 cve-icon cve-icon
https://github.com/markedjs/marked/pull/1083 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact