1. CVE-Search
  2. CVE-2015-8854
ID CVE-2015-8854
Summary The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."
References
Vulnerable Configurations
  • cpe:2.3:a:marked_project:marked:0.0.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.2:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.3:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.3:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.4:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.4:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.5:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.5:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.6:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.6:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.7:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.7:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.8:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.8:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.0.9:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.0.9:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.2:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.3:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.3:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.4:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.4:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.5:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.5:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.6:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.6:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.7:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.7:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.8:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.8:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.1.9:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.1.9:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.2:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.2-1:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.2-1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.3:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.3:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.4:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.4:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.4-1:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.4-1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.5:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.5:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.5c:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.5c:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.6:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.6:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.7:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.7:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.8:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.8:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.9:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.9:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.2.10:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.2.10:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.3.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.3.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.3.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.3.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.3.2:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.3.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:marked_project:marked:0.3.3:*:*:*:*:node.js:*:*
    cpe:2.3:a:marked_project:marked:0.3.3:*:*:*:*:node.js:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 09-02-2024 - 03:01)
Impact:
Exploitability:
CWE CWE-1333
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
confirm
fedora
  • FEDORA-2020-5eca570e16
  • FEDORA-2020-d714c08261
mlist [oss-security] 20160420 various vulnerabilities in Node.js packages
Last major update 09-02-2024 - 03:01
Published 23-01-2017 - 21:59
Last modified 09-02-2024 - 03:01
Back to Top