GHSA-gpvj-gp8c-c7p2

Suggest an improvement
Source
https://github.com/advisories/GHSA-gpvj-gp8c-c7p2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-gpvj-gp8c-c7p2/GHSA-gpvj-gp8c-c7p2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gpvj-gp8c-c7p2
Aliases
Published
2023-02-12T15:30:24Z
Modified
2023-11-08T04:01:33.611371Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Regular Expression Denial of Service in simple-markdown
Details

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639.

Database specific
{
    "github_reviewed_at": "2023-02-14T01:02:08Z",
    "github_reviewed": true,
    "nvd_published_at": "2023-02-12T15:15:00Z",
    "cwe_ids": [
        "CWE-1333"
    ],
    "severity": "HIGH"
}
References

Affected packages

npm / simple-markdown

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.2