package-lock.json
marked
Regular Expression Denial of Service Open
Open
"marked": {
"version": "12.0.0",
"resolved": "https://registry.npmjs.org/marked/-/marked-12.0.0.tgz",
"integrity": "sha512-Vkwtq9rLqXryZnWaQc86+FHLC6tr/fycMfYAhiOIXkrNmeGAyhSxjqu0Rs1i0bBqw5u0S7+lV9fdH2ZSVaoa0w==",
"dev": true
- Read upRead up
- Exclude checks
Regular Expression Denial of Service
Overview:
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
Recommendation:
Consider another markdown parser until the issue can be addressed.