Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate severity GitHub Reviewed Published Jan 24, 2023 in gjtorikian/commonmarker • Updated Jan 24, 2023
Vulnerability details
Package
bundler commonmarker (RubyGems)
Affected versions
< 0.23.7
Patched versions
0.23.7
Description
Impact
Several quadratic complexity bugs in commonmarker’s underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
- CVE-2023-22483
- CVE-2023-22484
- CVE-2023-22485
- CVE-2023-22486
For more information, consult the release notes for version 0.23.0.gfm.7.
Mitigation
Users are advised to upgrade to commonmarker version 0.23.7.
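As an added illustration of the mitigation step above (this is example code written for this page, not part of the advisory or of the commonmarker project), the following Ruby script checks a Gemfile.lock against the affected range "< 0.23.7" stated in the advisory and reports the patched version to move to. The lockfile fragment, the gem list in it, and the helper names locked_versions and commonmarker_finding are constructed for the example.

```ruby
# Added example (not part of the advisory): scan a Gemfile.lock for a
# commonmarker version inside the affected range "< 0.23.7" given above.
require "rubygems"

# Affected range and patched version exactly as stated in the advisory.
PATCHED_COMMONMARKER = Gem::Version.new("0.23.7")
AFFECTED_REQUIREMENT = Gem::Requirement.new("< 0.23.7")

# Constructed sample Gemfile.lock fragment (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (0.23.6)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    commonmarker
    rake
LOCK

# Parse the "specs:" section of a Gemfile.lock into {name => Gem::Version}.
# Only lines of the form "    name (version)" (4-space indent) are resolved
# gems; deeper-indented lines list a gem's own dependencies and are skipped.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # A blank line or a new top-level section (e.g. PLATFORMS) ends the specs block.
    in_specs = false if line.strip.empty? || line =~ /\A\S/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      versions[m[1]] = Gem::Version.new(m[2])
    end
  end
  versions
end

# Return a finding hash when the locked commonmarker version satisfies the
# affected requirement, nil when commonmarker is absent or already patched.
def commonmarker_finding(lockfile_text)
  version = locked_versions(lockfile_text)["commonmarker"]
  return nil if version.nil? || !AFFECTED_REQUIREMENT.satisfied_by?(version)
  {
    gem: "commonmarker",
    locked: version.to_s,
    fix: PATCHED_COMMONMARKER.to_s,
    advisory: "GHSA-636f-xm5j-pj9m"
  }
end

if $PROGRAM_NAME == __FILE__
  finding = commonmarker_finding(SAMPLE_LOCKFILE)
  puts(finding ? "VULNERABLE: #{finding}" : "commonmarker not affected")
end
```

Gem::Requirement does the range comparison, so the same check works for pre-release and platform-suffixed versions that a plain string comparison would get wrong; to run it against a real project, replace SAMPLE_LOCKFILE with File.read("Gemfile.lock").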
References
- GHSA-636f-xm5j-pj9m
gjtorikian published the maintainer security advisory
Jan 24, 2023
Severity
Moderate
Weaknesses
CWE-400
CVE ID
No known CVE
GHSA ID
GHSA-636f-xm5j-pj9m
Source code
gjtorikian/commonmarker