Description

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

Remediation

References

CVE-2022-21670

Related Vulnerabilities

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)

Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6497)

WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96)

WordPress Plugin Advanced Order Export For WooCommerce Cross-Site Scripting (3.1.3)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8155)

Severity

Medium

Classification

CVE-2022-21670 CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Missing Update Known Vulnerabilities