Description
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0.0.0
References
Related Issues
- Elliptic's EDDSA missing signature length check - CVE-2024-42459
- @langchain/community SQL Injection vulnerability - CVE-2024-7042
- Nuxt Devtools has a Path Traversal: '../filedir - CVE-2024-23657
- Incorrect default cookie name and recommendation - Vulnerability
- Tags:
- npm
- markdown
Anything's wrong? Let us know Last updated on January 09, 2023