CVE-2022-21670
CVE-2022-21670 affects the markdown-it Markdown parser. The vulnerability arises from handling of special patterns with length over 50,000 characters, which can cause significant slowdown (denial of service) in affected versions. The issue is addressed by upgrading to version 12.3.2; there are n...
CVE-2015-10005
Affected software: markdown-it (up to 2.x). Vulnerability: ReDoS (inefficient regular expression complexity) in an unknown function of lib/common/html_re.js. Root cause / impact: manipulation leads to performance concerns; lack of explicit exploitation details in the provided documents. Evi...
CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs, enabling potential HTML injection when rendering user-provided content. Affected: markdown-it versions prior to 4.1.0. Root cause: failure to block data: URLs in the rendering process. Impact: authoring or rendering content could lead to uninten...
CVE-2025-7969
CVE-2025-7969 is an XSS issue in markdown-it (improper neutralization of input during web page generation) affecting the lib/renderer.mjs path, with markdown-it 14.1.0 as the vulnerable version. IBM and related advisories reference this CVE across multiple products, noting remediation requires up...
CVE-2026-2327
The CVE-2026-2327 case concerns the markdown-it package. Affected versions: 13.0.0 through 14.1.0 (and up to 14.1.1 as fixed) are vulnerable to a Regular Expression Denial of Service in the linkify function due to the regex /*$/ used for links; an attacker can provide a long sequence of * follow...
CVE-2026-48988
markdown-it is affected by a Denial-of-Service vulnerability (CVE-2026-48988) when typographer: true is enabled. Versions 14.1.1 and earlier process smartquotes with a quadratic time complexity due to repeated uses of replaceAt(), causing high CPU usage on quote-heavy inputs. The issue can degrad...