The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:marked_project:marked:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.3.9"
}
]
}