Regular Expression Denial of Service

Published: Feb 25, 2021
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-7m7q-q53v-j47v" target="_blank" rel="noopener"> GHSA-7m7q-q53v-j47v
Severity: Medium
Exploit:

A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Input to the host variable is vulnerable when input contains parenthesis in link URIs, coupled with a high number of link tokens in a single line.