Name of the Vulnerable Software and Affected Versions: marked versions 0.3.7 and earlier

Description: The issue allows an attacker to inject arbitrary HTML events into the resulting a tag when mangling is disabled via the mangle option. This occurs because the target href is not escaped.

Recommendations: For versions 0.3.7 and earlier, consider disabling the mangle option to prevent arbitrary HTML event injection until a patch is available. Restrict access to the marked function to minimize the risk of exploitation. Avoid using the mangle option in the affected configuration until the issue is resolved.