A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. An unknown function in the file lib/common/html_re.js is affected. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 addresses this issue. The name of...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from...
CVSS: 5.3 | AI Score: 5 | EPSS: 0.001
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not...
CVSS: 7.3 | AI Score: 6.2 | EPSS: 0.001
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the...
CVSS: 7.3 | AI Score: 6.3 | EPSS: 0.001
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001
CVSS: 5.3 | AI Score: 5.5 | EPSS: 0.002