Description

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability.

Remediation

References

https://github.com/ariabuckles/simple-markdown/commit/015a719bf5cdc561feea05500ecb3274ef609cd2

https://github.com/ariabuckles/simple-markdown/pull/73

https://github.com/ariabuckles/simple-markdown/releases/tag/0.6.1

https://vuldb.com/?ctiid.220638

https://vuldb.com/?id.220638

Related Vulnerabilities

CVE-2022-42890 Vulnerability in maven package org.apache.xmlgraphics:batik-script

CVE-2020-15156 Vulnerability in npm package nodebb-plugin-blog-comments

CVE-2021-31409 Vulnerability in maven package com.vaadin:vaadin-compatibility-server

CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-server

CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:blazeds-core

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Exploit Issue Tracking Release Notes Permissions Required Third Party Advisory