GHSA-48wp-p9qv-4j64

Suggest an improvement
Source
https://github.com/advisories/GHSA-48wp-p9qv-4j64
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-48wp-p9qv-4j64/GHSA-48wp-p9qv-4j64.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-48wp-p9qv-4j64
Published
2023-04-11T22:08:18Z
Modified
2023-04-11T22:15:45.199512Z
Summary
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Details

Impact

Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.23.0.gfm.10 and 0.23.0.gfm.11.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.9.

References

Affected packages

RubyGems / commonmarker

Package

Name
commonmarker
Purl
pkg:gem/commonmarker

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.9

Affected versions

0.*

0.0.1
0.1.0
0.1.1
0.1.2
0.1.3
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.9.2
0.10.0
0.11.0
0.12.0
0.13.0
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.14.7
0.14.8
0.14.9
0.14.11
0.14.12
0.14.13
0.14.14
0.14.15
0.15.0
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.16.6
0.16.7
0.16.8
0.17.0
0.17.1
0.17.2
0.17.4
0.17.5
0.17.6
0.17.7
0.17.7.1
0.17.8
0.17.9
0.17.10
0.17.11
0.17.12
0.17.13
0.18.0
0.18.1
0.18.2
0.19.0
0.20.0
0.20.1
0.20.2
0.21.0
0.21.1
0.21.2
0.22.0
0.23.0
0.23.1
0.23.2
0.23.4
0.23.5
0.23.6
0.23.7.pre1
0.23.7
0.23.8