GHSA-4xf9-pgvv-xx67

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

Duplicate Advisory: Regular Expression Denial of Service in simple-markdown

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-gpvj-gp8c-c7p2. This link is maintained to preserve external references.

Original Description

Versions of simple-markdown prior to 0.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS). The SimpleMarkdown.defaultInlineParse() function has significantly degraded performance when parsing inline code blocks.

Recommendation

Upgrade to version 0.5.2 or later.

Ссылки

https://github.com/Khan/simple-markdown/issues/71
https://github.com/ariabuckles/simple-markdown/commit/89797fef9abb4cab2fb76a335968266a92588816
https://snyk.io/vuln/SNYK-JS-SIMPLEMARKDOWN-460540

Пакеты

Наименование

simple-markdown

npm

Затронутые версииВерсия исправления

< 0.5.2

0.5.2

5.3 Medium

CVSS3

Дефекты

CWE-400

5.3 Medium

CVSS3

Дефекты

CWE-400