GitHub Advisory Database: GHSA-7VH7-FW88-WJ87
History: Aug 08, 2023 - 5:12 p.m.

Several quadratic complexity bugs may lead to denial of service in Commonmarker

2023-08-08 17:12:00
CWE-407
GitHub Advisory Database
github.com
commonmarker
cmark-gfm
denial of service
cve-2023-37463
upgrade

7.5 High (CVSS3)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (Percentile: 21.0%)

Impact

Several quadratic-complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service when rendering attacker-supplied Markdown.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.29.0.gfm.12.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.10.

Affected configurations

Vulners Node: github_advisory_database / commonmarker / Range: < 0.23.10

CPE Name        Operator    Version
commonmarker    lt          0.23.10
