GHSA-wx77-rp39-c6vg

ADVISORY - github

Summary

All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-400⁠

Uncontrolled Resource Consumption

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

GitHub

CREATED

5 years ago

UPDATED

4 years ago

ADVISORY IDGHSA-wx77-rp39-c6vg⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
markdown	npm	-	-	>=0.0.0	Not yet available

Severity and metrics

No CVSS data available from this advisory.

GitLab

CREATED

5 years ago

UPDATED

5 years ago

ADVISORY ID

GMS-2020-366

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-937⁠

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-2x7r-wfp4-mpwh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-4qvr-r4gf-fx6f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-4r7m-jm37-66f4

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY ID

CGA-5h3q-g7v8-fvfq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-5r4h-vpp8-w2fq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY ID

CGA-7wfr-6jj7-3h5j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-9grf-p25v-hjmr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-9h3f-784c-c7wm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-c5rc-v3gw-hpv8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-c899-rf68-r4r2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

CGA-cj8w-xqm5-m6vc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-f3g9-gh6q-jc8j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-g7r9-xcp8-gcv7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-gxrp-3r5j-g6hx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-hcq7-g3cr-h3fq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

CGA-hgjq-rf6x-5gg4

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

CGA-jchm-x63g-38ww

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY ID

CGA-m54g-rr87-xc3f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-mq82-gfgr-37rr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-q42h-2c3g-rjxq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-qc53-vgm3-m3v2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY ID

CGA-qmc3-fh88-h6cq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

CGA-r3pr-vfww-8f82

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

CGA-r8m4-7q6r-m2h5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-v4r9-8f44-3mp9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-vh75-hcjc-pm5j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

CGA-w8qq-69hf-x2pj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

CGA-wjm3-mhp8-cfj6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

CGA-x3rx-39hh-f4xx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-xjwr-gm57-4p37

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY