GHSA-wx77-rp39-c6vg

Suggest an improvement
Source
https://github.com/advisories/GHSA-wx77-rp39-c6vg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-wx77-rp39-c6vg/GHSA-wx77-rp39-c6vg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wx77-rp39-c6vg
Related
Published
2020-09-04T15:11:03Z
Modified
2022-03-24T22:10:13Z
Summary
Regular Expression Denial of Service in markdown
Details

All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:21Z"
}
References

Affected packages

npm / markdown

Package

Name
markdown
View open source insights on deps.dev
Purl
pkg:npm/markdown

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0