Markdown-it Security Vulnerabilities and Issues — Markdown-it CVE List

Lucene search

Markdown-it ProjectMarkdown-it

3 matches found

CVE•added 2022/01/10 9:15 p.m.•66 views

CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

5.3CVSS5.5AI score0.01157EPSS

CVE•added 2022/12/27 9:15 a.m.•48 views

CVE-2015-10005

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of th...

7.5CVSS5.6AI score0.00048EPSS

CVE•added 2017/06/07 9:29 p.m.•42 views

CVE-2015-3295

markdown-it before 4.1.0 does not block data: URLs.

5.3CVSS5.5AI score0.0058EPSS