Lucene search
K

9 matches found

OSV
OSV
added 2026/06/17 9:16 p.m.5 views

DEBIAN-CVE-2026-48988

markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2 processing in the smartquotes rule. The issue stems from repeatedly modifying strings with replaceAt, which performs On slicing and...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 9:16 p.m.12 views

CVE-2026-48988

markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2 processing in the smartquotes rule. The issue stems from repeatedly modifying strings with replaceAt, which performs On slicing and...

5.3CVSS0.00306EPSS
Exploits1References2
CVE
CVE
added 2026/06/17 8:54 p.m.35 views

CVE-2026-48988

markdown-it is affected by a Denial-of-Service vulnerability (CVE-2026-48988) when typographer: true is enabled. Versions 14.1.1 and earlier process smartquotes with a quadratic time complexity due to repeated uses of replaceAt(), causing high CPU usage on quote-heavy inputs. The issue can degrad...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/17 8:54 p.m.7 views

CVE-2026-48988

markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2 processing in the smartquotes rule. The issue stems from repeatedly modifying strings with replaceAt, which performs On slicing and...

5.3CVSS5.2AI score0.00306EPSS
Exploits1
Veracode
Veracode
added 2026/06/16 7:32 p.m.9 views

Denial Of Service (DoS)

markdown-it is vulnerable to Denial of Service DoS. The vulnerability is due to quadratic-time processing in the smartquotes rule when typographer: true is enabled, which allows an attacker to supply specially crafted markdown containing consecutive quotation marks and consume excessive CPU...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/06/15 8:41 p.m.7 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the replaceAt function in the smartquotes rule when processing markdown input with a large number of consecutive quotation mar...

6.9CVSS6AI score0.00306EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 8:41 p.m.6 views

GHSA-6V5V-WF23-FMFQ markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule enabled via the typographer: true option. An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time, leading to denial of service...

5.3CVSS5.4AI score0.00306EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:41 p.m.8 views

markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule enabled via the typographer: true option. An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time, leading to denial of service...

5.3CVSS5.4AI score0.00306EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49555

Name of the Vulnerable Software and Affected Versions markdown-it affected versions not specified Description A quadratic time complexity issue exists in the smartquotes rule when the typographer: true option is enabled. An attacker can provide markdown input containing a large number of...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References9
Rows per page
Query Builder