Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyMmctOGZyNC1xcGo0

High EPSS: 0.00403% (0.59693 Percentile) EPSS:
Permalink JSON

Regular Expression Denial of Service in remarkable

Affected Packages Affected Versions Fixed Versions
npm:remarkable
PURL: pkg:npm/remarkable
< 1.7.2 1.7.2
657 Dependent packages
25,524 Dependent repositories
4,050,666 Downloads last month

Affected Version Ranges

All affected versions

0.1.0, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1

All unaffected versions

1.7.2, 1.7.3, 1.7.4, 2.0.0, 2.0.1

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.

References:

Identifiers

GHSA-q22g-8fr4-qpj4

CVE-2019-12041

Risk

Severity

High

EPSS

EPSS Percentage: 0.00403

EPSS Percentile: 0.59693

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/jonschlinkert/remarkable

Date and time

Published

over 6 years ago

Updated

over 1 year ago

API

JSON