Lucene search
+L

4 matches found

RedHat Linux
RedHat Linux
added 6 days ago6 views

linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability

A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...

8.7CVSS6AI score0.00445EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/26 8:47 p.m.6 views

LinkifyIt#match scan loop has quadratic algorithmic complexity

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

8.7CVSS5.8AI score0.02152EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/26 8:47 p.m.3 views

GHSA-22P9-WV53-3RQ4 LinkifyIt#match scan loop has quadratic algorithmic complexity

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

8.7CVSS5.8AI score0.00445EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.25 views

PT-2026-53018

Name of the Vulnerable Software and Affected Versions linkify-it versions prior to 5.0.1 Description LinkifyIt.prototype.match, the primary public API of the library, exhibits ON² algorithmic complexity when processing inputs containing numerous fuzzy links or emails. This occurs because the...

8.7CVSS6.1AI score0.00445EPSS
Exploits0References5
Rows per page
Query Builder