CVE-2018-18385

Name of the Vulnerable Software and Affected Versions Asciidoctor versions prior to 1.5.8

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This loop occurs because Parser.next block does not exhaust all lines in the reader as expected, due to a disagreement between regular expressions detecting any list and those detecting a specific list type, causing lines to be pushed back onto the reader.

Recommendations For versions prior to 1.5.8, update to version 1.5.8 or later to resolve the issue. As a temporary workaround, consider disabling the Parser.next block function until a patch is available.