simple-markdown is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to an insecure regex pattern used for the match attribute in the autolink object in simple-markdown.js, which allows an attacker to crash the application by providing a maliciously crafted input such as <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/
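
The following added example (not code from simple-markdown or from the advisory) shows why an input of that shape is expensive for an ambiguous autolink-style pattern and how a tighter character class plus a length cap removes the problem. AMBIGUOUS, HARDENED, MAX_SOURCE_LENGTH and the helper names are assumptions constructed for illustration; the real pattern in simple-markdown.js is not shown on this page.

```javascript
// Constructed patterns for illustration; not quoted from simple-markdown.js.
// AMBIGUOUS: the scheme class [^ >]+ can also consume ':' and '/', so when the
// closing '>' is missing the engine retries the ":/" split at every ":/" in the
// input and rescans the tail each time (quadratic work).
const AMBIGUOUS = /^<([^ >]+:\/[^ >]+)>/;
// HARDENED: excluding ':' from the scheme class leaves exactly one place to split.
const HARDENED = /^<([^: >]+:\/[^ >]+)>/;

// Input of the shape shown in the advisory, scaled by n, with no closing '>'.
function craftedInput(n) {
  return '<'.repeat(n) + ':/'.repeat(n);
}

// Return the autolink target, or null when the source does not start with one.
function matchAutolink(re, source) {
  const m = re.exec(source);
  return m ? m[1] : null;
}

// Wall-clock milliseconds for a single match attempt.
function timeMatch(re, source) {
  const start = process.hrtime.bigint();
  re.exec(source);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Defence in depth: refuse oversized input before any regex runs.
const MAX_SOURCE_LENGTH = 10000; // assumed limit; tune per application
function safeAutolink(source) {
  if (source.length > MAX_SOURCE_LENGTH) return null;
  return matchAutolink(HARDENED, source);
}

// Small sizes only: the AMBIGUOUS column grows roughly 4x per doubling of n,
// the HARDENED column grows roughly 2x.
for (const n of [500, 1000, 2000]) {
  const input = craftedInput(n);
  console.log(`n=${n} ambiguous=${timeMatch(AMBIGUOUS, input).toFixed(2)}ms ` +
              `hardened=${timeMatch(HARDENED, input).toFixed(2)}ms`);
}
```

A regression test for a fix of this kind can assert that the match time on a scaled crafted input stays under a fixed budget, alongside checks that ordinary autolinks still parse.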