GHSA-x6m6-5hrf-fh6r

Опубликовано: 01 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Denial of Service in markdown-it-toc-and-anchor

All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing **text**+\n@[toc] causes the application to enter and infinite loop.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Ссылки

https://snyk.io/vuln/SNYK-JS-MARKDOWNITTOCANDANCHOR-73500
https://www.npmjs.com/advisories/749

Пакеты

Наименование

markdown-it-toc-and-anchor

npm

Затронутые версииВерсия исправления

< 4.2.0

4.2.0

7.5 High

CVSS3

Дефекты

CWE-400

7.5 High

CVSS3

Дефекты

CWE-400