GHSA-636f-xm5j-pj9m: Several quadratic complexity bugs may lead to denial of service in Commonmarker

Moderate severity • GitHub Reviewed • Published Jan 24, 2023 in gjtorikian/commonmarker • Updated Jan 24, 2023

Package

bundler commonmarker (RubyGems)

Affected versions

< 0.23.7

Patched versions

0.23.7

Description

Impact

Several quadratic complexity bugs in commonmarker’s underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

  • CVE-2023-22483
  • CVE-2023-22484
  • CVE-2023-22485
  • CVE-2023-22486

For more information, consult the release notes for version 0.23.0.gfm.7.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.7.
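
A lockfile check for the affected range stated above (< 0.23.7), as an added example rather than code from the advisory or the commonmarker project. The sample Gemfile.lock and the `example-renderer` gem name are constructed, and the regex assumes Bundler's usual four-space indentation for resolved specs.

```ruby
require "rubygems" # provides Gem::Version

# First patched release, taken from the advisory (affected: < 0.23.7).
PATCHED_COMMONMARKER = Gem::Version.new("0.23.7")

# Matches a resolved spec line in the GEM/specs section of Gemfile.lock.
# Resolved gems are indented four spaces; dependency constraints (six
# spaces) and the DEPENDENCIES section (two spaces) are ignored.
SPEC_LINE = /\A {4}commonmarker \(([^)\s]+)\)\s*\z/

# Constructed sample input; "example-renderer" is a hypothetical gem.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (0.23.6)
      example-renderer (1.0.0)
        commonmarker (~> 0.23)

  DEPENDENCIES
    commonmarker (~> 0.23)
LOCK

# Returns one hash per resolved commonmarker entry in the lockfile text.
def commonmarker_findings(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    match = SPEC_LINE.match(line.chomp)
    next unless match

    # Drop a platform suffix such as "-x86_64-linux" before comparing.
    version = Gem::Version.new(match[1][/\A[^-]+/])
    { version: version.to_s, affected: version < PATCHED_COMMONMARKER }
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  commonmarker_findings(text).each do |f|
    status = f[:affected] ? "AFFECTED, upgrade to 0.23.7" : "patched"
    puts "commonmarker #{f[:version]}: #{status}"
  end
end
```

Pass a path to a real Gemfile.lock as the first argument to check a project; with no argument the constructed sample is used.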

gjtorikian published the maintainer security advisory

Jan 24, 2023

Severity

Moderate

Weaknesses

CWE-400

CVE ID

No known CVE

GHSA ID

GHSA-636f-xm5j-pj9m

Source code

gjtorikian/commonmarker
