QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8854

Published: Jan 23, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://nodesecurity.io/advisories/23

x_refsource_CONFIRM

[oss-security] 20160420 various vulnerabilities in Node.js packages

mailing-list

x_refsource_MLIST

https://support.f5.com/csp/article/K05052081?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

FEDORA-2020-d714c08261

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-5eca570e16

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.