cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

| OS | OS Version | Architecture | Package | Affected Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | cmark | < 0.30.3-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | cmark | < 0.30.3-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | cmark | < 0.30.3-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | cmark | < 0.30.3-r0 | UNKNOWN |