Several quadratic complexity bugs may lead to denial of service in Commonmarker

Moderate severity GitHub Reviewed Published Jan 24, 2023 in gjtorikian/commonmarker • Updated Jan 24, 2023

Package

bundler commonmarker (RubyGems)

Affected versions

< 0.23.7

Patched versions

0.23.7

Description

Impact

Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.23.0.gfm.7.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.7.
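As an added example (not part of this advisory or of the commonmarker project), the Ruby below does two things a maintainer would want while rolling out the upgrade: it flags a loaded commonmarker version that is still below the patched 0.23.7, and it wraps whatever Markdown renderer is in use with an input-size cap and a wall-clock budget, so pathological input from untrusted users cannot consume unbounded resources. The renderer callable, the 64 KiB cap and the 2-second budget are assumptions chosen for illustration; only the 0.23.7 boundary comes from the advisory.

```ruby
require "rubygems"
require "timeout"

# Patched version stated in the advisory; anything below it is affected.
PATCHED_COMMONMARKER = Gem::Version.new("0.23.7")

# Returns true when the given commonmarker version string is still affected
# by the quadratic-complexity bugs (i.e. older than the patched release).
# In an app this would be fed Gem.loaded_specs["commonmarker"].version.to_s.
def affected_commonmarker?(version_string)
  Gem::Version.new(version_string) < PATCHED_COMMONMARKER
end

# Defense in depth for rendering untrusted Markdown: refuse oversized input
# and bound the time the renderer may run. `render` is any callable that takes
# a Markdown string and returns HTML (for example a lambda around
# Commonmarker.to_html); it is injected so this file runs without the gem.
# max_bytes and timeout_seconds are constructed defaults, not advisory values.
class BoundedMarkdownRenderer
  class InputTooLarge < StandardError; end

  def initialize(render, max_bytes: 64 * 1024, timeout_seconds: 2.0)
    @render = render
    @max_bytes = max_bytes
    @timeout_seconds = timeout_seconds
  end

  # Raises InputTooLarge before touching the parser, or Timeout::Error if the
  # renderer exceeds the budget; otherwise returns the renderer's output.
  def call(markdown)
    if markdown.bytesize > @max_bytes
      raise InputTooLarge, "#{markdown.bytesize} bytes exceeds cap of #{@max_bytes}"
    end
    Timeout.timeout(@timeout_seconds) { @render.call(markdown) }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "0.23.6 affected? #{affected_commonmarker?("0.23.6")}"
  puts "0.23.7 affected? #{affected_commonmarker?("0.23.7")}"
  # Constructed stand-in renderer so the demo runs without commonmarker.
  renderer = BoundedMarkdownRenderer.new(->(md) { "<p>#{md}</p>" }, max_bytes: 32)
  puts renderer.call("hello")
end
```

The byte cap is the control that actually matters here: Ruby's Timeout interrupts Ruby code between instructions but cannot interrupt a C extension such as cmark-gfm in the middle of a parse, so the time budget only takes effect once control returns to Ruby. Treat the timeout as a backstop and the input limit (plus a process-level CPU or memory limit where available) as the primary mitigation until 0.23.7 is deployed.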

References

@gjtorikian gjtorikian published to gjtorikian/commonmarker Jan 24, 2023
Published to the GitHub Advisory Database Jan 24, 2023
Reviewed Jan 24, 2023
Last updated Jan 24, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-636f-xm5j-pj9m