89 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-26272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then pre...
CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...
CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...
OneBlog 代码问题漏洞
OneBlog is a beautiful and powerful Java blog by yadong.zhang individual developer. A security vulnerability exists in OneBlog 2.3.9 and earlier versions, which stems from an incorrect operation of the autoLink function that can lead to server-side request forgery...
Linux Distros Unpatched Vulnerability : CVE-2022-39209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity...
Malicious code in autolink-jira-issue (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10553 Malicious code in autolink-jira-issue (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Scripting (XSS)
Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to missing sanitization of autolinks. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...
Fedora 39 : ghostwriter (2023-d1e9e62a92)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d1e9e62a92 advisory. Automatic update for ghostwriter-23.03.90-2.fc39. Changelog Sat Apr 1 2023 Vitaly Zaitsev - 23.03.90-2 - Switched to Ninja. - Explicitly set Release...
RSEC-2023-7 Denial of Service (DoS) and Arbitrary Code Execution (ACE) vulnerabilities
cmark-gfm, GitHub's extended CommonMark library, has multiple vulnerabilities. Versions prior to 0.29.0.gfm.6 suffer from a polynomial time complexity issue in the autolink extension, causing denial of service. Also, versions before 0.29.0.gfm.3 and 0.28.3.gfm.21 contain an integer overflow in...
UBUNTU-CVE-2023-3364
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...
PT-2023-24426 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.14 through 16.0.7 GitLab CE/EE versions 16.1 through 16.1.2 GitLab CE/EE versions 16.2 through 16.2.1 Description: A Regular Expression Denial of Service issue was discovered, allowing attackers to send crafted payload...
PT-2023-25977 · Cmark-Gfm +1 · Cmark-Gfm +1
Name of the Vulnerable Software and Affected Versions: cmark-gfm versions prior to 0.29.0.gfm.12 Description: cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-g...
SUSE CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
Regular Expression Denial Of Service (ReDoS)
simple-markdown is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an insecure Regex pattern used for the match attribute in the autolink object in simple-markdown.js, which allows an attacker to crash the application by providing a maliciously crafted...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the validateprotocol function in extensions/autolink.c, which exposes malloc metadata. NOTE: The maintainers believe this is harmless. PoC sh echo "to:[email protected]" | ./src/cmark-gfm -e autolink Remediation...
Fedora 35 : ghc-cmark-gfm (2022-f1aed93db8)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f1aed93db8 advisory. updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209 Tenable has extracted the preceding description block directly from the Fedora...
CVE-2022-39209
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the...
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches This vulnerability has been patched in the following CommonMarker...
GHSA-4QW4-JPP4-8GVP Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches This vulnerability has been patched in the following CommonMarker...