CVE-2022-21670

Опубликовано: 10 янв. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

Ссылки

https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101
Patch
Third Party Advisory
https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
Exploit
Third Party Advisory
https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101
Patch
Third Party Advisory
https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:markdown-it_project:markdown-it:*:*:*:*:*:*:*:*

Версия до 12.3.1 (включая)

EPSS

Процентиль: 78%

0.01114

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-1333

Связанные уязвимости

CVE-2022-21670

CVSS3: 5.3

ubuntu

около 4 лет назад

CVE-2022-21670

CVSS3: 5.3

debian

около 4 лет назад

markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...

GHSA-6vfc-qv3f-vr6c

CVSS3: 5.3

github

около 4 лет назад

Uncontrolled Resource Consumption in markdown-it

EPSS

Процентиль: 78%

0.01114

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-1333