Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-7VH7-FW88-WJ87
HistoryAug 08, 2023 - 5:12 p.m.

Several quadratic complexity bugs may lead to denial of service in Commonmarker

2023-08-0817:12:00
CWE-407
GitHub Advisory Database
github.com
16
commonmarker
cmark-gfm
denial of service
cve-2023-37463
upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

21.0%

JSON

Impact

Several quadratic complexity bugs in commonmarker’s underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.29.0.gfm.12.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.10.

Affected configurations

Vulners
Node
github_advisory_databasecommonmarkerRange<0.23.10
CPENameOperatorVersion
commonmarkerlt0.23.10

Related

cvelist 1
nvd 1
osv 3
prion 1
ubuntucve 1
debiancve 1
veracode 1
cve 1
cvelist
cvelist
CVE-2023-37463 Quadratic complexity bugs may lead to a denial of service
2023-07-13 19:22:16
nvd
nvd
CVE-2023-37463
2023-07-13 20:15:09
osv
osv
CVE-2023-37463
2023-07-13 20:15:09
Several quadratic complexity bugs may lead to denial of service in Commonmarker
2023-08-08 17:12:00
Denial of Service (DoS) vulnerabilities
2023-10-06 05:00:00
prion
prion
Design/Logic Flaw
2023-07-13 20:15:00
ubuntucve
ubuntucve
CVE-2023-37463
2023-07-13 00:00:00
debiancve
debiancve
CVE-2023-37463
2023-07-13 20:15:09
veracode
veracode
Denial Of Service (DoS)
2023-07-18 08:19:28
cve
cve
CVE-2023-37463
2023-07-13 20:15:09

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

21.0%

JSON
Related for GHSA-7VH7-FW88-WJ87
cvelist1nvd1osv3prion1ubuntucve1debiancve1veracode1cve1