Lucene search
+L

14 matches found

RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-48801

A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...

8.7CVSS6AI score0.00445EPSS
Exploits0References5
OSV
OSV
added 3 days ago6 views

CVE-2026-48801 linkify-it: Quadratic algorithmic complexity in LinkifyIt#match scan loop

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has ON² algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs...

8.7CVSS6.1AI score0.00445EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-48801 linkify-it: Quadratic algorithmic complexity in LinkifyIt#match scan loop

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has ON² algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs...

8.7CVSS0.00445EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago6 views

linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability

A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...

8.7CVSS6AI score0.00445EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 5:17 p.m.9 views

CVE-2026-59887

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS0.00346EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 3:58 p.m.5 views

CVE-2026-59887

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/08 3:58 p.m.36 views

CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 3:58 p.m.3 views

CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References5
Circl
Circl
added 2026/06/26 10:35 p.m.6 views

CVE-2026-48801

creationtimestamp| type| source ---|---|--- 2026-06-26 22:35:32+00:00| published-proof-of-concept| https://github.com/markdown-it/linkify-it/security/advisories/GHSA-22p9-wv53-3rq4 2026-07-14 23:48:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnfglsj4s2w...

8.7CVSS6.1AI score0.00445EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/26 8:47 p.m.6 views

LinkifyIt#match scan loop has quadratic algorithmic complexity

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

8.7CVSS5.8AI score0.02152EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/06/26 8:47 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to quadratic algorithmic complexity in the match function. An attacker can exhaust CPU resources and cause significant...

8.7CVSS6AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 8:47 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to quadratic algorithmic complexity in the match function. An attacker can exhaust CPU resources and caus...

8.7CVSS6AI score0.00445EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.25 views

PT-2026-53018

Name of the Vulnerable Software and Affected Versions linkify-it versions prior to 5.0.1 Description LinkifyIt.prototype.match, the primary public API of the library, exhibits ON² algorithmic complexity when processing inputs containing numerous fuzzy links or emails. This occurs because the...

8.7CVSS6.1AI score0.00445EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/01/29 12:30 p.m.4 views

Malicious code in npm_package_dependencies_linkify_it (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 540ac82200adeadb0c42901b9214e03c897e79ee20de2be6a87beb66e45393f6 The OpenSSF Package Analysis project identified 'npmpackagedependencieslinkifyit' @ 4.0.1 npm as malicious. It is considered malicious because: ...

6.9AI score
Exploits0
Rows per page
Query Builder