Description

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639.

Remediation

References

https://github.com/ariabuckles/simple-markdown/commit/89797fef9abb4cab2fb76a335968266a92588816

https://github.com/ariabuckles/simple-markdown/releases/tag/0.5.2

https://vuldb.com/?ctiid.220639

https://vuldb.com/?id.220639

Related Vulnerabilities

CVE-2021-3918 Vulnerability in npm package json-schema

CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2

CVE-2015-7294 Vulnerability in npm package ldapauth-fork

CVE-2021-24033 Vulnerability in npm package react-dev-utils

CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Release Notes Third Party Advisory