Description
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.
Recommendation
No fix is available yet. The following versions are affected:
- >= 0.0.0
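Because no fixed version exists, one mitigation is to bound untrusted input before it reaches markdown.toHTML(). The guard below is an added example, not code from the markdown package or from this advisory; the limit values and the names checkMarkdownInput, renderUntrusted and escapeHtml are assumptions.

```javascript
// Added example: pre-parse guard for untrusted Markdown. The limits are
// assumed values to tune for your content; they are not from the advisory.
const LIMITS = { maxLength: 20000, maxUnderscores: 200 };

// Escape text so it can be displayed safely when the parser is skipped.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Decide whether the input fits the budget. The check is one linear pass with
// no regular expression, so the input cannot slow down the check itself.
function checkMarkdownInput(text, limits = LIMITS) {
  if (typeof text !== 'string') return { ok: false, reason: 'not-a-string' };
  if (text.length > limits.maxLength) return { ok: false, reason: 'too-long' };
  let underscores = 0;
  for (let i = 0; i < text.length; i++) {
    if (text.charCodeAt(i) === 0x5f && ++underscores > limits.maxUnderscores) {
      return { ok: false, reason: 'too-many-underscores' };
    }
  }
  return { ok: true, reason: null };
}

// `render` is the parser call supplied by the caller, for example
// (s) => markdown.toHTML(s). Rejected input never reaches the parser and is
// returned as escaped preformatted text instead.
function renderUntrusted(text, render, limits = LIMITS) {
  const verdict = checkMarkdownInput(text, limits);
  if (!verdict.ok) {
    return { html: `<pre>${escapeHtml(String(text))}</pre>`, rejected: verdict.reason };
  }
  return { html: render(text), rejected: null };
}
```

Log the rejected reason so that repeated oversized submissions from one client show up in monitoring.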
References
Related Issues
- ua-parser-js Regular Expression Denial of Service vulnerability - CVE-2020-7793
- markdown-it has a Regular Expression Denial of Service (ReDoS) - CVE-2026-2327
- tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
- prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801
Tags: npm, markdown
Last updated on January 09, 2023


