4 matches found

Github Security Blog
added 2024/02/26 9:31 p.m. | 1 view

Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing

Showdownjs, versions = 2.1.0, anchors subparser used to parse links has a nested regular expression which can lead to denial of service conditions given malicious input...

CVSS 5.3 | AI score 5.6 | EPSS 0.00267
Exploits: 1 | References: 3 | Affected Software: 1
Snyk
added 2024/02/25 10:0 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js (AKA links.js). PoC: time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details: Denial...

CVSS 6.9 | AI score 6.6 | EPSS 0.00267
Exploits: 1 | References: 2
Snyk
added 2024/02/25 10:0 p.m. | 4 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.bower:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js (AKA links.js). PoC: time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details...

CVSS 6.9 | AI score 6.6 | EPSS 0.00267
Exploits: 1 | References: 2
Snyk
added 2024/02/25 10:0 p.m. | 1 view

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.bowergithub.showdownjs:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js (AKA links.js). PoC: time node -e '/?:^|^\ ??:\n...

CVSS 6.9 | AI score 6.6 | EPSS 0.00267
Exploits: 1 | References: 2