Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module's exported function.
Remediation
References
https://research.jfrog.com/vulnerabilities/markdown-link-extractor-redos-xray-211350/
Related Vulnerabilities
CVE-2021-21317 Vulnerability in npm package uap-core
CVE-2023-39013 Vulnerability in maven package no.priv.garshol.duke:duke
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-api
CVE-2020-28487 Vulnerability in npm package vis-timeline
CVE-2022-40309 Vulnerability in maven package org.apache.archiva:maven2-repository