Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gzan-ec95-93ex
Vulnerability ID VCID-gzan-ec95-93ex
Aliases CVE-2017-16114
GHSA-x5pg-88wf-qq4p
Summary Uncontrolled Resource Consumption The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-400 Uncontrolled Resource Consumption
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
cvssv3.1 7.5 https://github.com/advisories/GHSA-x5pg-88wf-qq4p
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x5pg-88wf-qq4p
generic_textual HIGH https://github.com/advisories/GHSA-x5pg-88wf-qq4p
cvssv3.1 7.5 https://github.com/chjj/marked/issues/937
generic_textual HIGH https://github.com/chjj/marked/issues/937
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-16114
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2017-16114
cvssv3.1 7.5 https://www.npmjs.com/advisories/531
generic_textual HIGH https://www.npmjs.com/advisories/531
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-16114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16114
https://github.com/advisories/GHSA-x5pg-88wf-qq4p
https://github.com/chjj/marked/issues/937
https://nodesecurity.io/advisories/531
https://www.npmjs.com/advisories/531
CVE-2017-16114 https://nvd.nist.gov/vuln/detail/CVE-2017-16114
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/advisories/GHSA-x5pg-88wf-qq4p
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/chjj/marked/issues/937
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16114
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.npmjs.com/advisories/531
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.61174
EPSS Score 0.00403
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:37:48.247248+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/marked/CVE-2017-16114.yml 38.6.0