7 matches found
20mk-utils (>=1.0.0 <=1.0.3), 2d-spirograph (>=1.0.2 <=1.0.4) +2111 more potentially affected by CVE-2024-1899 via showdown (>=0.0.1 <=2.1.0)
showdown NPM version =0.0.1, =1.0.0, =1.0.2, =2.0.4, =1.0.6, =0.1.4, =0.1.4, =0.1.4, =13.351.0, =13.351.0, =7.10.0, =7.10.0, =0.0.3, =0.4.15 - @adalink/spark-chat =1.0.0 and more Source cves: CVE-2024-1899 Source advisory: OSV:GHSA-RMMH-P597-PPVV...
Showdown Security Vulnerability
Showdown is an open source JavaScript Markdown to HTML converter from ShowdownJS. A security vulnerability exists in Showdown version 2.1.0 and earlier versions. A remote attacker could exploit this vulnerability to cause a system denial of service...
com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0), org.webjars.npm:github-com-showdownjs-ng-showdown (=1.1.0) +3 more potentially affected by CVE-2024-1899 via org.webjars.npm:showdown (>=1.9.1 <=2.1.0)
org.webjars.npm:showdown MAVEN version =1.9.1, =2.0.0, =1.0.2, =1.0.3 - org.webjars.npm:showdown-prism =0.2.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-8685132...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js AKA links.js. PoC: time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details: Denial...
org.webjars.bower:ng-swagger-ui (=0.0.4) potentially affected by CVE-2024-1899 via org.webjars.bower:showdown (=1.7.6)
org.webjars.bower:showdown MAVEN version =1.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bower:showdown and may be impacted: - org.webjars.bower:ng-swagger-ui =0.0.4 Source cves: CVE-2024-1899 Source advisory:...
org.webjars:angular-markdown-directive (=0.3.0) potentially affected by CVE-2024-1899 via org.webjars:showdown (=0.3.1)
org.webjars:showdown MAVEN version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:showdown and may be impacted: - org.webjars:angular-markdown-directive =0.3.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARS-8685134...
@ambers/helios (>=0.10.0 <=0.13.5), @cloudmosaic/quickstarts (>=1.0.0-rc.0 <=1.0.0-rc.1) +181 more potentially affected by unknown CVE via showdown (>=0.0.1 <=1.9.0)
showdown NPM version =0.0.1, =0.10.0, =1.0.0-rc.0, =1.0.0, =1.0.0-alpha.1, =2.0.0, =0.4.0, =1.6.3, =5.2.1, =0.0.11, =0.0.9, =0.0.2, =1.0.0, =1.0.1, =2.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H6MQ-3CJ6-H738...