Description
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
Remediation
References
https://nodesecurity.io/advisories/531
https://github.com/chjj/marked/issues/937
Related Vulnerabilities
CVE-2022-29894 Vulnerability in npm package strapi
CVE-2018-3738 Vulnerability in npm package protobufjs
CVE-2017-16100 Vulnerability in npm package dns-sync
CVE-2020-36320 Vulnerability in maven package com.vaadin:vaadin-server
CVE-2021-27582 Vulnerability in maven package org.mitre:openid-connect-server