Description
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue.
Recommendation
Update the markdown-it package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.0.0
- Patched version(s): 3.0.0
References
Related Issues
- Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity - CVE-2025-58451
- Moment.js vulnerable to Inefficient Regular Expression Complexity - CVE-2022-31129
- rgb2hex vulnerable to inefficient regular expression complexity - CVE-2018-25061
- axios Inefficient Regular Expression Complexity vulnerability - CVE-2021-3749
- Tags:
- npm
- markdown-it
Anything's wrong? Let us know Last updated on February 03, 2023