markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations
Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule enabled via the typographer: true option. An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time, leading to denial of service...
