Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module's exported function.
Remediation
References
https://research.jfrog.com/vulnerabilities/markdown-link-extractor-redos-xray-211350/