Marked · CVE-2022-21680
**Name of the Vulnerable Software and Affected Versions**
Marked versions prior to 4.0.10
**Description**
The regular expression `block.def` can exhibit catastrophic backtracking on certain inputs, leading to a regular expression denial of service (ReDoS). This affects anyone who runs untrusted markdown through a vulnerable version of marked without a worker that enforces a time limit.
**Recommendations**
For versions prior to 4.0.10, upgrade to version 4.0.10 to resolve the issue.
As a temporary workaround, avoid passing untrusted markdown to marked, or run marked in a worker thread with a reasonable time limit so that a pathological input cannot exhaust resources.