Marked ReDoS due to email addresses being evaluated in quadratic time

Published: Jun 5, 2019
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-xf5p-87ch-gxw2" target="_blank" rel="noopener"> GHSA-xf5p-87ch-gxw2
Severity: Medium
Exploit:

Versions of marked from 0.3.14 until 0.6.2 are vulnerable to Regular Expression Denial of Service. Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion.