Lucene search
K

4 matches found

NVD
NVD
added 2026/06/17 9:16 p.m.12 views

CVE-2026-48988

markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2 processing in the smartquotes rule. The issue stems from repeatedly modifying strings with replaceAt, which performs On slicing and...

5.3CVSS0.00306EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:41 p.m.8 views

markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule enabled via the typographer: true option. An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time, leading to denial of service...

5.3CVSS5.4AI score0.00306EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/15 8:41 p.m.6 views

GHSA-6V5V-WF23-FMFQ markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule enabled via the typographer: true option. An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time, leading to denial of service...

5.3CVSS5.4AI score0.00306EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/15 8:41 p.m.7 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the replaceAt function in the smartquotes rule when processing markdown input with a large number of consecutive quotation mar...

6.9CVSS6AI score0.00306EPSS
Exploits1References2
Rows per page
Query Builder