181 matches found

UbuntuCve
added 2022/01/10 9:15 p.m., 46 views

CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...

CVSS 5.3 | AI score 6.5 | EPSS 0.02152
Exploits: 1 | References: 3
CVE
added 2022/01/10 8:40 p.m., 86 views

CVE-2022-21670

CVE-2022-21670 affects the markdown-it Markdown parser. The vulnerability arises from the handling of special patterns longer than 50,000 characters, which can cause significant slowdown (denial of service) in affected versions. The issue is addressed by upgrading to version 12.3.2; there are n...

CVSS 5.3 | AI score 5.5 | EPSS 0.02152
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2021/10/21 8:15 p.m., 8 views

CVE-2021-41168

Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown referencename:...

CVSS 6.5 | EPSS 0.00882
Exploits: 1 | References: 2
OSV
added 2021/10/21 8:15 p.m., 12 views

CVE-2021-41168

Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown referencename:...

CVSS 6.5 | AI score 6.7
Exploits: 0 | References: 2
Hacker One
added 2021/09/16 7:8 p.m., 52 views

Reddit: Hash-Collision Denial-of-Service Vulnerability in Markdown Parser

Summary: We have found three bugs in Reddit's markdown parser. Two of these bugs are exploitable to launch an algorithmic complexity denial-of-service (DoS) attack. In this report we explain the bugs and exploits. We also show, in a non-disruptive way, that it appears to exist in the current versio...

AI score 7
Exploits: 0
OpenVAS
added 2021/03/31 12:0 a.m., 14 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-edc673e864)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.02818
Exploits: 1 | References: 2
Fedora
added 2021/03/30 2:31 p.m., 36 views

[SECURITY] Fedora 33 Update: rubygem-kramdown-2.2.1-10.fc33

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...

CVSS 9.8 | AI score 1.5 | EPSS 0.02818
Exploits: 1
Hacker One
added 2021/03/14 1:38 p.m., 64 views

GitLab: RCE via unsafe inline Kramdown options when rendering certain Wiki pages

Summary: When rendering wiki content with certain extensions such as .rmd, renderwikicontent will call othermarkupunsafe which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, committing the files and...

AI score 7.5
Exploits: 0
RedhatCVE
added 2021/02/09 3:47 p.m., 18 views

CVE-2021-21306

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is...

CVSS 7.5 | AI score 5.8 | EPSS 0.02462
Exploits: 0 | References: 3
NVD
added 2021/02/08 10:15 p.m., 12 views

CVE-2021-21306

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is...

CVSS 7.5 | EPSS 0.02462
Exploits: 0 | References: 5
Prion
added 2021/02/08 10:15 p.m., 13 views

Code injection

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is...

CVSS 5 | AI score 7.5 | EPSS 0.02462
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2021/02/08 9:20 p.m., 90 views

CVE-2021-21306

Marked (npm package) contains a Regular Expression Denial of Service (ReDoS) vulnerability in versions from 1.1.1 up to, but not including, 2.0.0. The root cause is a ReDoS condition when processing user-generated code through marked. The impact is denial of service; upgrade to version 2.0.0 or later to fix. If exploiting det...

CVSS 7.5 | AI score 6.2 | EPSS 0.02462
Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
added 2021/02/08 9:20 p.m., 30 views

CVE-2021-21306

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is...

CVSS 7.5 | AI score 7.5 | EPSS 0.02462
Exploits: 0
OpenVAS
added 2021/01/16 12:0 a.m., 14 views

Debian: Security Advisory (DSA-4831-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 6 | EPSS 0.0157
Exploits: 0 | References: 4
CNNVD
added 2021/01/11 12:0 a.m., 3 views

Vicent Martí Redcarpet Injection Vulnerability

Vicent Martí Redcarpet is a Rust-based codebase for parsing Markdown syntax by the individual developer Vicent Martí. An injection vulnerability exists in Redcarpet before version 3.5.1, which results from not performing HTML escaping when handling quotes...

CVSS 6.8 | AI score 6.5 | EPSS 0.0157
Exploits: 0 | References: 13
CNVD
added 2020/09/30 12:0 a.m., 2 views

md4c denial of service vulnerability (CNVD-2020-58044)

md4c (Markdown for C) is a personal developer's implementation of the Markdown parser in C. It is a parser that can be used in a variety of languages. A denial of service vulnerability exists in mdpushblockbytes in md4c.c in md4c 0.4.5. An attacker can trigger the use of uninitialized memory via a...

CVSS 7.5 | AI score 6.8 | EPSS 0.01406
Exploits: 1 | References: 1
Veracode
added 2020/09/03 6:24 a.m., 10 views

Denial Of Service (DoS)

markdown-it-toc-and-anchor is vulnerable to denial of service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop...

AI score 3.8
Exploits: 0
Fedora
added 2020/08/20 1:12 a.m., 32 views

[SECURITY] Fedora 32 Update: rubygem-kramdown-2.1.0-3.fc32

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...

CVSS 9.8 | AI score 1.5 | EPSS 0.04469
Exploits: 0
OpenVAS
added 2020/08/12 12:0 a.m., 15 views

Debian: Security Advisory (DSA-4743-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.04469
Exploits: 0 | References: 4
Debian
added 2020/08/10 7:21 p.m., 23 views

[SECURITY] [DSA 4743-1] ruby-kramdown security update

Debian Security Advisory DSA-4743-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2020 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.6 | EPSS 0.04469
Exploits: 0