2 matches found
CVE-2015-10005
Affected software: markdown-it (up to 2.x). Vulnerability: ReDoS in an unknown function of lib/common/html_re.js causing inefficient regular expression complexity. Root cause / impact: manipulation leads to performance concerns; lack of explicit exploitation details in the provided documents. Evi...
CVE-2026-48988
markdown-it is affected by a Denial-of-Service vulnerability (CVE-2026-48988) when typographer: true is enabled. Versions 14.1.1 and earlier process smartquotes with quadratic time complexity due to repeated use of replaceAt(), causing high CPU usage on quote-heavy inputs. The issue can degrad...