Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14aHIzLXdmN2otaDI1Nc4ABATH

Infinite loop in github.com/gomarkdown/markdown

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds to commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logic error in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that triggered an infinite loop, causing the program to hang and consume resources indefinitely. Commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252 contains the fix for this problem.

Permalink: https://github.com/advisories/GHSA-xhr3-wf7j-h255
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14aHIzLXdmN2otaDI1Nc4ABATH
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 days ago
Updated: 1 day ago
Identifiers: GHSA-xhr3-wf7j-h255, CVE-2024-44337
References: Repository: https://github.com/gomarkdown/markdown
Blast Radius: 0.0

Affected Packages

go:github.com/gomarkdown/markdown
Dependent packages: 1,252
Dependent repositories: 1,009
Downloads:
Affected Version Ranges: < 0.0.0-20240729232818-a2a9c4f
Fixed in: 0.0.0-20240729232818-a2a9c4f
All affected versions: 0.0.0-20190912180731-281270bc6d83, 0.0.0-20191123064959-2c17d62f5098, 0.0.0-20200820230800-3724143f5294, 0.0.0-20200824053859-8c8b3816f167, 0.0.0-20201113031856-722100d81a8e, 0.0.0-20210514010506-3b9f47219fe7, 0.0.0-20210918222519-d0f88e9eb6e5, 0.0.0-20220310201231-552c6011c0b8, 0.0.0-20220607163217-45f7c050e2d1, 0.0.0-20220627144906-e9a81102ebeb, 0.0.0-20220731190611-dcdaee8e7a53, 0.0.0-20220825072242-90efaac57fb4, 0.0.0-20220829112121-a940a8f5bc05, 0.0.0-20221013030248-663e2500819c, 0.0.0-20230309071026-b9a42cb9b4a0, 0.0.0-20230309071408-e444975d2bd9, 0.0.0-20230309071618-d640a388c6c5, 0.0.0-20230309072206-3418bbfe2069, 0.0.0-20230309073835-0cff362ab5d9, 0.0.0-20230309081604-09e1818272d6, 0.0.0-20230309083625-de14518eadd0, 0.0.0-20230309092824-3238e54d4819, 0.0.0-20230310225216-e92f2877bcce, 0.0.0-20230311184306-fc0ebebbe9af, 0.0.0-20230311185209-fc3f3a72c23a, 0.0.0-20230311204719-630fdb2a10ae, 0.0.0-20230311221154-ee98e42be4e5, 0.0.0-20230312001534-ae1a42e38ef1, 0.0.0-20230312174038-279c45774906, 0.0.0-20230312215031-f439dd2b4436, 0.0.0-20230313173142-2ced44d5b584, 0.0.0-20230321044648-154b583bceb3, 0.0.0-20230321061146-9af27b67c68e, 0.0.0-20230322035321-5f17e2f50624, 0.0.0-20230322041520-c84983bdbf2a, 0.0.0-20230711084535-11b03c0ae6d6, 0.0.0-20230714230225-84ecad09a30a, 0.0.0-20230715013231-a46a3be917c7, 0.0.0-20230716120725-531d2d74bc12, 0.0.0-20230912175223-14b07df9d538, 0.0.0-20230916125811-7478c230c7cd, 0.0.0-20230922105210-14b16010c2ee, 0.0.0-20230922112808-5421fefb8386, 0.0.0-20231115200524-a660076da3fd, 0.0.0-20231222211730-1d6d20845b47
All unaffected versions: