Description
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
Remediation
References
https://github.com/chjj/marked/issues/937
https://nodesecurity.io/advisories/531
Related Vulnerabilities
CVE-2020-11072 Vulnerability in npm package slp-validate
CVE-2020-35149 Vulnerability in npm package mquery
CVE-2021-23926 Vulnerability in maven package org.apache.xmlbeans:xmlbeans
CVE-2022-25875 Vulnerability in npm package svelte
CVE-2023-40816 Vulnerability in maven package org.opencrx:opencrx-core-models