CVE-2018-25110: 
JavaScript vulnerability analysis and mitigation

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. The vulnerability was discovered and reported by security researchers in February 2018 (GitHub Issue, Wiz Report).

The vulnerability exists in two specific regex patterns: one for parsing HTML closing tags and another for parsing nolink markdown syntax. The issue occurs due to improper regular expressions that can cause catastrophic backtracking when parsing HTML tags and markdown links. The vulnerability has been assigned a CVSS v4.0 score of 6.9 (MEDIUM) by Checkmarx (NVD, Wiz Report).

When exploited, this vulnerability can cause the parser to hang and lead to a Denial of Service condition. This is particularly concerning for server-side implementations where the marked library processes user-provided markdown input (Wiz Report).

The vulnerability was fixed in version 0.3.17 by modifying the problematic regular expressions to prevent catastrophic backtracking. Users should upgrade to version 0.3.17 or later to receive the security fix (Wiz Report, GitHub PR).