What the vulnerability does

01Description

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.

Key dates

02Disclosure timeline

June 7, 2018 CVE published
September 17, 2024 Record updated