UNKNOWN RubyGems
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
GHSA-48wp-p9qv-4j64
Published ยท Modified
Description
Impact
Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
For more information, consult the release notes for version 0.23.0.gfm.10 and 0.23.0.gfm.11.
Mitigation
Users are advised to upgrade to commonmarker version 0.23.9.
References
- WEB https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
- WEB https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
- WEB https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-48wp-p9qv-4j64
- WEB https://github.com/gjtorikian/commonmarker/pull/236
- WEB https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.10
- WEB https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.11
- PACKAGE https://github.com/gjtorikian/commonmarker
- WEB https://github.com/gjtorikian/commonmarker/releases/tag/v0.23.9
Ready to move
Start Securing
Free, no credit card | First findings in minutes