Denial of Service in markdown-it-toc-and-anchor

2020-09-01T21:26:50
ID GHSA-X6M6-5HRF-FH6R
Type github
Reporter GitHub Advisory Database
Modified 2020-09-01T21:26:50

Description

All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing **text**+\n@[toc] causes the application to enter an infinite loop.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.
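
Because every version is affected and no fix exists, any copy of the package in a dependency tree is a finding, including copies pulled in transitively. The following is an added example, not part of the advisory or of the package: it lists every copy recorded in a parsed npm package-lock.json. The function name `findAffected`, the sample lockfiles and their version strings are constructed for illustration.

```javascript
// Added example (not from the advisory): list every installed copy of the
// affected package recorded in a parsed package-lock.json.
const AFFECTED = 'markdown-it-toc-and-anchor';

// Returns [{ path, version, dev }] for each copy, direct or transitive.
function findAffected(lock, name = AFFECTED) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, e.g.
    // "node_modules/a/node_modules/markdown-it-toc-and-anchor".
    const marker = 'node_modules/';
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(marker);
      if (i !== -1 && path.slice(i + marker.length) === name) {
        hits.push({ path, version: meta.version, dev: Boolean(meta.dev) });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" objects.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = [...trail, dep];
      if (dep === name) {
        hits.push({ path: here.join(' > '), version: meta.version, dev: Boolean(meta.dev) });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; the project layout and all version strings are made up.
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'docs-site', version: '1.0.0' },
  'node_modules/markdown-it': { version: '0.0.0-example' },
  'node_modules/site-theme': { version: '0.0.0-example', dev: true },
  'node_modules/site-theme/node_modules/markdown-it-toc-and-anchor':
    { version: '0.0.0-example', dev: true },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'markdown-it': { version: '0.0.0-example' },
  'site-theme': { version: '0.0.0-example', dependencies: {
    'markdown-it-toc-and-anchor': { version: '0.0.0-example' } } },
} };

console.log(findAffected(SAMPLE_V3), findAffected(SAMPLE_V1));
```

To check a real project, pass the result of `JSON.parse` on the contents of its package-lock.json to `findAffected`; a non-empty result means the module is installed somewhere in the tree.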