From 00a76e747e9082dcbd789c3161a9fea7efc26388 Mon Sep 17 00:00:00 2001
From: Metasploit <metasploit@rapid7.com>
Date: Thu, 16 Aug 2018 13:10:12 -0700
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index f451579f75..5b2ac66b32 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -5590,6 +5590,33 @@
     "ref_name": "dos/http/ibm_lotus_notes2",
     "check": false
   },
+  "auxiliary_dos/http/marked_redos": {
+    "name": "marked npm module \"heading\" ReDoS",
+    "full_name": "auxiliary/dos/http/marked_redos",
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "Adam Cazzolla, Sonatype Security Research",
+      "Nick Starke, Sonatype Security Research"
+    ],
+    "description": "This module exploits a Regular Expression Denial of Service vulnerability\n        in the npm module \"marked\". The vulnerable portion of code that this module\n        targets is in the \"heading\" regular expression. Web applications that use\n        \"marked\" for generating html from markdown are vulnerable. Versions up to\n        0.4.0 are vulnerable.",
+    "references": [
+      "URL-https://blog.sonatype.com/cve-2017-17461-vulnerable-or-not",
+      "CWE-400"
+    ],
+    "is_server": false,
+    "is_client": false,
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "targets": null,
+    "mod_time": "2018-08-16 14:59:32 +0000",
+    "path": "/modules/auxiliary/dos/http/marked_redos.rb",
+    "is_install_path": true,
+    "ref_name": "dos/http/marked_redos",
+    "check": false
+  },
   "auxiliary_dos/http/monkey_headers": {
     "name": "Monkey HTTPD Header Parsing Denial of Service (DoS)",
     "full_name": "auxiliary/dos/http/monkey_headers",