CVE-2021-43308: markdown-link-extractor ReDoS | XRAY-211350
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module’s exported function.
CVE-2021-43308 | CVSS 5.9
JFrog Severity: medium
Published 30 May. 2022 | Last updated 30 May. 2022
Exponential ReDoS in markdown-link-extractor leads to denial of service
markdown-link-extractor
markdown-link-extractor (,3.0.1]|[4.0.0], fixed in 3.0.2 and 4.0.1
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module’s exported function.
'![' + '"\\"'.repeat(i)
No mitigations are supplied for this issue
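With no mitigations listed, the practical step is to find installs that fall in the affected range given above and move them to 3.0.2 or 4.0.1. The following is an added example, not code from the advisory or from the package; it assumes a package-lock.json with a `packages` map (lockfileVersion 2 or 3), and the sample lockfile and the names `docs-tool` and `old-tool` are constructed.

```javascript
// Added example: flag installs of markdown-link-extractor in the affected
// range stated in the advisory: (,3.0.1] | [4.0.0]; fixed in 3.0.2 and 4.0.1.
const PKG = 'markdown-link-extractor';

// Parse "major.minor.patch". A pre-release or build suffix is ignored, so
// "4.0.0-beta" is treated as 4.0.0 (the conservative choice here).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version is <= 3.0.1 or exactly 4.0.0.
function isAffected(version) {
  const v = parseVersion(version);
  return compare(v, [3, 0, 1]) <= 0 || compare(v, [4, 0, 0]) === 0;
}

// Walk the "packages" map of a lockfile, whose keys are install paths such
// as "node_modules/a/node_modules/b", so nested (transitive) copies are found.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isTarget = path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`);
    if (isTarget && meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/markdown-link-extractor': { version: '3.0.2' },
    'node_modules/docs-tool/node_modules/markdown-link-extractor': { version: '4.0.0' },
    'node_modules/old-tool/node_modules/markdown-link-extractor': { version: '1.2.7' },
  },
};

console.log(findAffected(sampleLock));
```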
NVD