N/A

CVSS Score

Basic Information

CVE ID

CVE-2017-17461

GHSA ID

GHSA-crmx-v835-hcp4

EPSS Score

CWE

Published

1/4/2018

Updated

1/9/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-17461

CVE-2017-17461: Moderate severity vulnerability that affects marked

Withdrawn

This advisory has been withdrawn, per NVD: "This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue."

Original Description

A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2017-17461

GHSA ID

GHSA-crmx-v835-hcp4

EPSS Score

CWE

Published

1/4/2018

Updated

1/9/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS metrics data is empty

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
marked	npm	< 0.3.9	0.3.9

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability was originally reported as a ReDoS in marked.js' input processing. While no patch details are available, ReDoS vulnerabilities in Markdown parsers typically exist in regex-heavy inline content handlers. The Lexer.tokenize method initiates parsing, and InlineLexer.output processes inline elements - both would appear in stack traces during input processing. Confidence is medium due to lack of direct patch evidence, but aligns with the described attack vector and typical vulnerable components in Markdown parsers.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

# Wit**r*wn T*is **visory **s ***n wit**r*wn, p*r NV*: ["T*is **n*i**t* w*s wit**r*wn *y its *N*. *urt**r inv*sti**tion s*ow** t**t it w*s not * s**urity issu*."](*ttps://nv*.nist.*ov/vuln/**t*il/*V*-****-*****) # Ori*in*l **s*ription * R**ul*r *x

Reasoning

T** vuln*r**ility w*s ori*in*lly r*port** *s * R**oS in `m*rk**.js`' input pro**ssin*. W*il* no p*t** **t*ils *r* *v*il**l*, R**oS vuln*r**iliti*s in M*rk*own p*rs*rs typi**lly *xist in r***x-***vy inlin* *ont*nt **n*l*rs. T** `L*x*r.tok*niz*` m*t*o*

N/A

Basic Information

Concerned about an active attack path?

CVE-2017-17461: Moderate severity vulnerability that affects marked

Withdrawn

Original Description

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI