CVE-2015-8854

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

Versions 0.3.3 and earlier of `marked` are affected by a regular expression denial of service ( ReDoS ) vulnerability when passed inputs that reach the `em` inline rule. ## Recommendation Update to version 0.3.4 or later.

Versions 0.3.3 and earlier of `marked` are affected by a regular expression denial of service ( ReDoS ) vulnerability when passed inputs that reach the `em` inline rule. ## Recommendation Update to version 0.3.4 or later.

El paquete marked en versiones anteriores a 0.3.4 para Node.js permite a atacantes provocar una denegación de servicio (consumo de CPU) a través de vectores no especificados que desencadenan un "problema de retroceso catastrófico para la regla em en línea", vulnerabilidad también conocida como "denegación de servicio de expresión regular (ReDoS)".