GHSA-4qw4-jpp4-8gvp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4qw4-jpp4-8gvp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-4qw4-jpp4-8gvp/GHSA-4qw4-jpp4-8gvp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4qw4-jpp4-8gvp
- Published
- 2022-09-21T18:18:05Z
- Modified
- 2024-12-02T05:40:51.750783Z
- Summary
- Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
- Details
-
Impact
CommonMarker uses
cmark-gfmfor rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service.Patches
This vulnerability has been patched in the following CommonMarker release:
- v0.23.6
Workarounds
Disable use of the autolink extension.
References
https://github.com/gjtorikian/commonmarker/pull/190 https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q https://en.wikipedia.org/wiki/Time_complexity
For more information
If you have any questions or comments about this advisory: * Open an issue in github/cmark-gfm
Acknowledgements
We would like to thank Legit Security for reporting this vulnerability.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-400" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-09-21T18:18:05Z" }- References
Affected packages
RubyGems / commonmarker
Package
- Name
- commonmarker
- Purl
- pkg:gem/commonmarker
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.23.6
Affected versions
0.*
0.0.1
0.1.0
0.1.1
0.1.2
0.1.3
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.9.2
0.10.0
0.11.0
0.12.0
0.13.0
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.14.7
0.14.8
0.14.9
0.14.11
0.14.12
0.14.13
0.14.14
0.14.15
0.15.0
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.16.6
0.16.7
0.16.8
0.17.0
0.17.1
0.17.2
0.17.4
0.17.5
0.17.6
0.17.7
0.17.7.1
0.17.8
0.17.9
0.17.10
0.17.11
0.17.12
0.17.13
0.18.0
0.18.1
0.18.2
0.19.0
0.20.0
0.20.1
0.20.2
0.21.0
0.21.1
0.21.2
0.22.0
0.23.0
0.23.1
0.23.2
0.23.4
0.23.5