Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4NzctcnAzOS1jNnZn

Regular Expression Denial of Service in markdown

All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Permalink: https://github.com/advisories/GHSA-wx77-rp39-c6vg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4NzctcnAzOS1jNnZn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago


Identifiers: GHSA-wx77-rp39-c6vg
References:
Blast Radius: 0.0

Affected Packages

npm:markdown
Dependent packages: 1,018
Dependent repositories: 58,307
Downloads: 299,212 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.1, 0.3.0, 0.3.1, 0.4.0, 0.5.0