PT-2023-28606 · Unknown · Gomarkdown/Markdown

Nsecho · Published 2023-09-22 · Updated 2023-09-26 · CVE-2023-42821

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: github.com/gomarkdown/markdown, versions prior to 0.0.0-20230922105210-14b16010c2ee

Description: The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering it as HTML. Parsing malformed Markdown input with a parser that has the parser.Mmark extension enabled can trigger an out-of-bounds read. The extension must be set for the issue to be reachable. The fault is in citation.go at line 69, where the parser indexes an element past the length of a slice, causing the program to panic and resulting in a denial of service.

Recommendations: For versions prior to 0.0.0-20230922105210-14b16010c2ee, update to a version that includes the patch for this issue, such as 0.0.0-20230922105210-14b16010c2ee or later. As a temporary workaround, disable the parser.Mmark extension until the patch is applied.

Exploit · Fix · DoS · Out-of-bounds Read

Weakness Enumeration: Out-of-bounds Read

Related Identifiers

AZL-39828
CVE-2023-42821
GHSA-M9XQ-6H2J-65R2
GO-2023-2074

Affected Products

Debian
Gomarkdown/Markdown