GHSA-48wp-p9qv-4j64

Source

https://github.com/advisories/GHSA-48wp-p9qv-4j64

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-48wp-p9qv-4j64/GHSA-48wp-p9qv-4j64.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-48wp-p9qv-4j64

Published

2023-04-11T22:08:18Z

Modified

2024-12-04T05:41:10.781623Z

Summary

Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service

Details

Impact

Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.23.0.gfm.10 and 0.23.0.gfm.11.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.9.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-11T22:08:18Z"
}

References

Affected packages

RubyGems / commonmarker

Package

Name: commonmarker
Purl: pkg:gem/commonmarker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.23.9

Affected versions

0.*

0.0.1

0.1.0

0.1.1

0.1.2

0.1.3

0.2.0

0.2.1

0.3.0

0.4.0

0.4.1

0.5.0

0.5.1

0.6.0

0.7.0

0.8.0

0.9.0

0.9.1

0.9.2

0.10.0

0.11.0

0.12.0

0.13.0

0.14.0

0.14.1

0.14.2

0.14.3

0.14.4

0.14.5

0.14.6

0.14.7

0.14.8

0.14.9

0.14.11

0.14.12

0.14.13

0.14.14

0.14.15

0.15.0

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.16.5

0.16.6

0.16.7

0.16.8

0.17.0

0.17.1

0.17.2

0.17.4

0.17.5

0.17.6

0.17.7

0.17.7.1

0.17.8

0.17.9

0.17.10

0.17.11

0.17.12

0.17.13

0.18.0

0.18.1

0.18.2

0.19.0

0.20.0

0.20.1

0.20.2

0.21.0

0.21.1

0.21.2

0.22.0

0.23.0

0.23.1

0.23.2

0.23.4

0.23.5

0.23.6

0.23.7.pre1

0.23.7

0.23.8