Description
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. It affects an unknown function in the file src/commonmark-rules.js. Manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-turndown | fixed | 7.2.2+~2.2.0~git20240406-1 | | package |
| node-turndown | no-dsa | | trixie | package |
| node-turndown | no-dsa | | bookworm | package |
Notes
https://github.com/mixmark-io/turndown/issues/501
https://github.com/mixmark-io/turndown/pull/504
https://github.com/mixmark-io/turndown/commit/8ed049935ac235cc009e9a7412c0a6fe6ab5b223 (v7.2.2)