6 matches found
CVE-2024-1899
An issue in the anchors subparser of Showdownjs versions = 2.1.0 could allow a remote attacker to cause denial of service conditions...
CVE-2024-1899
An issue in the anchors subparser of Showdownjs versions = 2.1.0 could allow a remote attacker to cause denial of service conditions...
Race condition
An issue in the anchors subparser of Showdownjs versions = 2.1.0 could allow a remote attacker to cause denial of service conditions...
CVE-2024-1899
An issue in the anchors subparser of Showdownjs versions = 2.1.0 could allow a remote attacker to cause denial of service conditions...
PT-2024-18406 · Unknown · Showdownjs
Name of the Vulnerable Software and Affected Versions: Showdownjs versions = 2.1.0 Description: An issue in the anchors subparser could allow a remote attacker to cause denial of service conditions. Recommendations: For versions = 2.1.0, update to a version greater than 2.1.0 to resolve the issue...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the anchors subparser in anchors.js AKA links.js. PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details...