Description
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0.0.0
References
Related Issues
- useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
- Regular Expression Denial of Service in clean-css - Vulnerability
- Regular Expression Denial of Service in marked (GHSA-ch52-vgq2-943f) - Vulnerability
- Regular Expression Denial of Service (ReDoS) - Vulnerability
- Tags:
- npm
- markdown
Anything's wrong? Let us know Last updated on January 09, 2023