Description

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability.

Remediation

References

https://github.com/ariabuckles/simple-markdown/commit/015a719bf5cdc561feea05500ecb3274ef609cd2

https://github.com/ariabuckles/simple-markdown/pull/73

https://github.com/ariabuckles/simple-markdown/releases/tag/0.6.1

https://vuldb.com/?ctiid.220638

https://vuldb.com/?id.220638

Related Vulnerabilities

CVE-2016-4468 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

CVE-2023-0872 Vulnerability in maven package org.opennms:opennms-webapp-rest

CVE-2020-36732 Vulnerability in maven package org.webjars.bower:crypto-js

CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-28248 Vulnerability in npm package png-img

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Exploit Issue Tracking Release Notes Permissions Required Third Party Advisory