Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function
Remediation
References
https://research.jfrog.com/vulnerabilities/markdown-link-extractor-redos-xray-211350/
Related Vulnerabilities
CVE-2022-26612 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2020-11002 Vulnerability in maven package io.dropwizard:dropwizard-validation
CVE-2018-1306 Vulnerability in maven package org.apache.portals.pluto:portletv3annotateddemo
CVE-2019-16728 Vulnerability in npm package dompurify
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp