6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.009 Low
EPSS
Percentile
82.9%
The commonmark package, through its dependency on GitHub Flavored Markdown before version 0.29.0.gfm.1, has an algorithmic-complexity vulnerability. Parsing certain crafted markdown tables can take O(n * n) time, which can lead to Denial of Service. This issue does not affect the upstream cmark project and has been fixed in version 0.29.0.gfm.1.
CPE

Name | Operator | Version
---|---|---
commonmark | eq | 0.4
commonmark | eq | 1.7
commonmark | eq | 1.0
commonmark | eq | 1.2
commonmark | eq | 0.8
commonmark | eq | 0.7
commonmark | eq | 1.1
commonmark | eq | 1.6
commonmark | eq | 0.9
commonmark | eq | 0.6