PT-2022-7077 · Marked (+1)

Makenowjust (+1)

Published 2022-01-13 · Updated 2023-07-24 · CVE-2022-21681

CVSS v2.0 7.8 High
Vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Marked versions prior to 4.0.10
Description: Denial of service. The regular expression inline.reflinkSearch can enter catastrophic backtracking on certain input strings, so a single crafted document can occupy the CPU for an unbounded time. This affects anyone who runs untrusted markdown through a vulnerable version of Marked without a worker thread and a time limit.
Recommendations: Upgrade to version 4.0.10 or later. As a temporary workaround, do not run untrusted markdown through Marked, or run Marked on a worker thread with a reasonable time limit and terminate the worker when the limit is exceeded, so a pathological input cannot drain resources.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-07520
BDU:2023-07521
CVE-2022-21681
GHSA-5V2H-R2CX-5XGJ

Affected Products

Debian
Marked