Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tbWg2LW03djktNTk1Ns4AArVk
Regular expression denial of service in markdown-link-extractor
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function
Permalink: https://github.com/advisories/GHSA-mmh6-m7v9-5956JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tbWg2LW03djktNTk1Ns4AArVk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-mmh6-m7v9-5956, CVE-2021-43308
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-43308
- https://research.jfrog.com/vulnerabilities/markdown-link-extractor-redos-xray-211350/
- https://github.com/advisories/GHSA-mmh6-m7v9-5956
Affected Packages
npm:markdown-link-extractor
Dependent packages: 108Dependent repositories: 1,579
Downloads: 312,838 last month
Affected Version Ranges: >= 4.0.0, < 4.0.1, < 3.0.2
Fixed in: 4.0.1, 3.0.2
All affected versions: 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.3.0, 1.3.1, 2.0.0, 2.0.1, 3.0.0, 3.0.1, 4.0.0
All unaffected versions: 3.0.2, 3.1.0, 4.0.1, 4.0.2