Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Regular Expression Denial of Service in markdown
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Permalink: https://github.com/advisories/GHSA-wx77-rp39-c6vg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4NzctcnAzOS1jNnZn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-wx77-rp39-c6vg
References:
Blast Radius: 0.0
Affected Packages
npm:markdown
Dependent packages: 1,018
Dependent repositories: 58,307
Downloads: 299,212 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.1, 0.3.0, 0.3.1, 0.4.0, 0.5.0