Regular Expression Denial of Service in simple-markdown

2020-09-03T20:27:46
ID GHSA-4XF9-PGVV-XX67
Type github
Reporter GitHub Advisory Database
Modified 2020-09-03T20:27:46

Description

Versions of simple-markdown prior to 0.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS). The SimpleMarkdown.defaultInlineParse() function has significantly degraded performance when parsing inline code blocks.

Recommendation

Upgrade to version 0.5.2 or later.
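
To confirm that the upgrade reached every copy in a dependency tree, the following added example (not part of the advisory or of simple-markdown) walks a parsed package-lock.json and reports each simple-markdown entry below 0.5.2. The sample lockfile and the package name `some-renderer` are constructed for illustration.

```javascript
// Added example: find simple-markdown copies older than the fixed release (0.5.2)
// in a parsed package-lock.json (old "dependencies" tree or newer "packages" map).
const PKG = "simple-markdown";
const FIXED = [0, 5, 2];

function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?(?:\+.+)?$/.exec(String(version));
  if (!m) return true; // not plain semver (git URL, missing field): flag for manual review
  const v = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return Boolean(m[4]); // a pre-release of 0.5.2 sorts before 0.5.2
}

function findVulnerable(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, entry] of Object.entries(lock.packages)) {
      const name = path.split("node_modules/").pop();
      if (name === PKG && isVulnerable(entry.version)) hits.push({ path, version: entry.version });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" objects
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isVulnerable(entry.version)) hits.push({ path, version: entry.version });
      walk(entry.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: one outdated top-level copy, one patched nested copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "simple-markdown": { version: "0.5.1" },
    "some-renderer": {
      version: "1.0.0",
      dependencies: { "simple-markdown": { version: "0.7.3" } },
    },
  },
};
console.log(findVulnerable(sampleLock));
```

Nested copies pulled in by other packages are reported with their full install path, so a transitive dependency pinning an old release is visible even after the top-level package is upgraded.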