The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HMarked Project Marked
APPMarked Project< 0.3.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
Related vulnerabilities
CVE-2026-41680HIGH8.7ten sam produkt
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerabil...
CVE-2022-21680HIGH7.5ten sam produkt
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may caus...
CVE-2022-21681HIGH7.5ten sam produkt
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearc...
CVE-2015-8854HIGH7.5ten sam produkt
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) vi...
CVE-2018-25110MEDIUM6.9ten sam produkt
Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to c...