CVE-2018-25110 Regular Expression Denial of Service (ReDoS) in markedjs/marked

May 23, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2018-25110 Regular Expression Denial of Service (ReDoS) in markedjs/marked
Type cve
Published 2025-05-23T14:53:43
Last Seen 2025-05-23T15:29:31

CVSS Information

Base Score 0.0 ()
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description This vulnerability is a Regular Expression Denial of Service (ReDoS) in marked.js, a popular JavaScript Markdown parser. It occurs due to catastrophic backtracking in regular expressions used for parsing HTML tags. Versions prior to 0.3.17 are affected.
AI Severity Medium
Vendor marked.js Community
Product marked
Affected Version versions prior to 0.3.17

Additional Information

CVE List CVE-2018-25110
CWE List CWE-1333
Bulletin Family cve

Description

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and…

CVSS Score Summary

Base Score: %!f(string=#) ()

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.