PT-2022-7078 · Marked
Makenowjust
Published 2022-01-13 · Updated 2023-07-24 · CVE-2022-21680
CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Marked, versions prior to 4.0.10
Description: The issue is related to the regular expression block.def, which may cause catastrophic backtracking against some strings, leading to a regular expression denial of service (ReDoS). This can affect anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit.
Recommendations: For versions prior to 4.0.10, upgrade to version 4.0.10 to resolve the issue. As a temporary workaround, avoid running untrusted markdown through marked, or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-07521
CVE-2022-21680
GHSA-RRRM-QJM4-V8HF

Affected Products

Debian
Marked