VYPR
High severity 7.5 · NVD Advisory · Published Jan 23, 2017 · Updated Jun 17, 2026

CVE-2015-8854

Description

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

Affected packages

Versions sourced from the GitHub Security Advisory.

Package         Affected versions   Patched versions
marked (npm)    < 0.3.4             0.3.4

Affected products

4
  • cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*
    Range: <0.3.4
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.3.4

References

13
