GHSA-7vh7-fw88-wj87

Source

https://github.com/advisories/GHSA-7vh7-fw88-wj87

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-7vh7-fw88-wj87/GHSA-7vh7-fw88-wj87.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7vh7-fw88-wj87

Published

2023-08-08T17:12:00Z

Modified

2024-12-01T05:31:38.658446Z

Summary

Several quadratic complexity bugs may lead to denial of service in Commonmarker

Details

Impact

Several quadratic complexity bugs in commonmarker's underlying <code>cmark-gfm</code> library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

CVE-2023-37463

For more information, consult the release notes for version <code>0.29.0.gfm.12</code>.

Mitigation

Users are advised to upgrade to commonmarker version <code>0.23.10</code>.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-407"
    ],
    "github_reviewed_at": "2023-08-08T17:12:00Z",
    "nvd_published_at": null
}

References

Affected packages

RubyGems / commonmarker

Package

Name: commonmarker
Purl: pkg:gem/commonmarker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.23.10

Affected versions

0.*

0.0.1

0.1.0

0.1.1

0.1.2

0.1.3

0.2.0

0.2.1

0.3.0

0.4.0

0.4.1

0.5.0

0.5.1

0.6.0

0.7.0

0.8.0

0.9.0

0.9.1

0.9.2

0.10.0

0.11.0

0.12.0

0.13.0

0.14.0

0.14.1

0.14.2

0.14.3

0.14.4

0.14.5

0.14.6

0.14.7

0.14.8

0.14.9

0.14.11

0.14.12

0.14.13

0.14.14

0.14.15

0.15.0

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.16.5

0.16.6

0.16.7

0.16.8

0.17.0

0.17.1

0.17.2

0.17.4

0.17.5

0.17.6

0.17.7

0.17.7.1

0.17.8

0.17.9

0.17.10

0.17.11

0.17.12

0.17.13

0.18.0

0.18.1

0.18.2

0.19.0

0.20.0

0.20.1

0.20.2

0.21.0

0.21.1

0.21.2

0.22.0

0.23.0

0.23.1

0.23.2

0.23.4

0.23.5

0.23.6

0.23.7.pre1

0.23.7

0.23.8

0.23.9