Description

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability.

Remediation

References

https://github.com/ariabuckles/simple-markdown/commit/015a719bf5cdc561feea05500ecb3274ef609cd2

https://github.com/ariabuckles/simple-markdown/pull/73

https://github.com/ariabuckles/simple-markdown/releases/tag/0.6.1

https://vuldb.com/?ctiid.220638

https://vuldb.com/?id.220638

Related Vulnerabilities

CVE-2018-19048 Vulnerability in npm package simditor

CVE-2021-23518 Vulnerability in npm package cached-path-relative

CVE-2023-48711 Vulnerability in npm package google-translate-api-browser

CVE-2020-4051 Vulnerability in npm package dijit

CVE-2021-21633 Vulnerability in maven package org.jenkins-ci.plugins:dependency-track

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Exploit Issue Tracking Release Notes Permissions Required Third Party Advisory