Description

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability.

Remediation

References

https://github.com/ariabuckles/simple-markdown/commit/015a719bf5cdc561feea05500ecb3274ef609cd2

https://github.com/ariabuckles/simple-markdown/pull/73

https://github.com/ariabuckles/simple-markdown/releases/tag/0.6.1

https://vuldb.com/?ctiid.220638

https://vuldb.com/?id.220638

Related Vulnerabilities

CVE-2023-24815 Vulnerability in maven package io.vertx:vertx-web

CVE-2021-23926 Vulnerability in maven package org.apache.xmlbeans:xmlbeans

CVE-2021-4307 Vulnerability in maven package org.webjars.npm:baobab

CVE-2021-32723 Vulnerability in npm package prismjs

CVE-2023-29014 Vulnerability in maven package io.goobi.viewer:viewer-core

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Exploit Issue Tracking Release Notes Permissions Required Third Party Advisory