PT-2022-28194 · Unknown+1 · Commonmarker+1
Published: 2022-09-21 · Updated: 2022-09-21
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
CommonMarker versions prior to 0.23.6
Description
A polynomial time complexity issue in the autolink extension of cmark-gfm, used by CommonMarker for rendering GitHub Flavored Markdown, may lead to unbounded resource exhaustion and subsequent denial of service.
Recommendations
For versions prior to 0.23.6, update to version 0.23.6 to resolve the issue.
As a temporary workaround, consider disabling the use of the autolink extension until a patch is available.
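To check whether a project is pinned to an affected release, the following Ruby script reads a Gemfile.lock and flags any locked commonmarker version below 0.23.6. It is an added example, not code from the advisory or the CommonMarker project; the sample lockfile text and the `example-renderer` gem in it are constructed for illustration.

```ruby
require "rubygems"

# First fixed release according to this advisory.
FIXED_VERSION = Gem::Version.new("0.23.6")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (0.23.5)
      example-renderer (1.0.0)
        commonmarker (~> 0.23)

  DEPENDENCIES
    example-renderer
LOCK

# Returns [[version, vulnerable?], ...] for every resolved commonmarker
# entry in the lockfile text, or [] when the gem is not locked at all.
def commonmarker_findings(lockfile_text)
  findings = []
  lockfile_text.each_line do |line|
    # Resolved gems sit at exactly four spaces: "    name (version)".
    # Six-space lines are dependency constraints and are skipped.
    m = line.match(/\A {4}commonmarker \(([^)\s]+)\)\s*\z/)
    next unless m
    # Drop a platform suffix such as "-x86_64-linux" before comparing.
    version = m[1].split("-").first
    next unless Gem::Version.correct?(version)
    findings << [version, Gem::Version.new(version) < FIXED_VERSION]
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  text = File.exist?("Gemfile.lock") ? File.read("Gemfile.lock") : SAMPLE_LOCK
  commonmarker_findings(text).each do |version, vulnerable|
    status = vulnerable ? "AFFECTED, update to #{FIXED_VERSION}" : "not affected"
    puts "commonmarker #{version}: #{status}"
  end
end
```

Run it from the project root; when no Gemfile.lock is present it falls back to the constructed sample.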
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Commonmarker
Cmark-Gfm