PT-2020-18334 · GitHub · GitHub Flavored Markdown

Jonas Wagner · Published 2020-07-01 · Updated 2023-10-06 · CVE-2020-5238

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GitHub Flavored Markdown versions prior to 0.29.0.gfm.1

Description

The issue is related to the time complexity of parsing certain markdown tables, which can take O(n * n) time. An attacker could craft a markdown table to cause a denial of service. This issue does not affect the upstream cmark project.

Recommendations

For versions prior to 0.29.0.gfm.1, update to version 0.29.0.gfm.1 to resolve the issue. As a temporary workaround, consider restricting the use of markdown tables until the update is applied.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

ALSA-2021:1972
CESA-2021_1972
CVE-2020-5238
GHSA-7GC6-9QR5-HC85
RHSA-2021:1972
RHSA-2021_1972
RSEC-2023-6

Affected Products

AlmaLinux
CentOS
Debian
GitHub Flavored Markdown
Red Hat