package-lock.json
marked
Regular Expression Denial of Service Open
Open
"marked": {
"version": "0.3.19",
"resolved": "https://registry.npmjs.org/marked/-/marked-0.3.19.tgz",
"integrity": "sha512-ea2eGWOqNxPcXv8dyERdSr/6FmzvWwzjMxpfGB/sbMccXoct+xY+YukPD+QTUZwyvK7BZwcr4m21WBOW41pAkg=="
},
- Read upRead up
- Exclude checks
Regular Expression Denial of Service
Overview:
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
Recommendation:
Consider another markdown parser until the issue can be addressed.