Headline
GHSA-48wp-p9qv-4j64: Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Impact
Several quadratic complexity bugs in commonmarker’s underlying cmark-gfm
library may lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
For more information, consult the release notes for version 0.23.0.gfm.10
and 0.23.0.gfm.11
.
Mitigation
Users are advised to upgrade to commonmarker version 0.23.9
.
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Moderate severity GitHub Reviewed Published Apr 11, 2023 in gjtorikian/commonmarker • Updated Apr 11, 2023