GitHub Advisory Database: GHSA-636F-XM5J-PJ9M
History: Jan 24, 2023 - 6:12 p.m.

Several quadratic complexity bugs may lead to denial of service in Commonmarker

2023-01-24 18:12:17
CWE-400
GitHub Advisory Database
github.com
quadratic complexity bugs
denial of service
commonmarker
cve-2023-22483
cve-2023-22484
cve-2023-22485
cve-2023-22486
resource exhaustion
mitigation
upgrade

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 37.5%

Impact

Several quadratic complexity bugs in commonmarker’s underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed: CVE-2023-22483, CVE-2023-22484, CVE-2023-22485 and CVE-2023-22486.

For more information, consult the release notes for version 0.23.0.gfm.7.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.7.

Affected configurations

gjtorikian/commonmarker (ruby gem), affected range: < 0.23.7
