
Several quadratic complexity bugs may lead to denial of service in Commonmarker

Moderate severity GitHub Reviewed Published Aug 8, 2023 in gjtorikian/commonmarker • Updated Aug 17, 2023

Package

bundler commonmarker (RubyGems)

Affected versions

< 0.23.10

Patched versions

0.23.10

Description

Impact

Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.29.0.gfm.12.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.10.
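As an added example (not part of the advisory or of the commonmarker project's own code), the following Ruby script checks a project's `Gemfile.lock` for the resolved `commonmarker` version and reports whether it falls below the patched release named above. The version boundaries (affected `< 0.23.10`, patched `0.23.10`) are taken from the advisory; the sample lockfile content is constructed for the demonstration, and the `locked_version`/`commonmarker_status` helper names are my own.

```ruby
# Added example (not from the advisory or the commonmarker project): compare the
# commonmarker version pinned in a Gemfile.lock against the patched release
# named in GHSA-7vh7-fw88-wj87 (affected < 0.23.10, patched 0.23.10).
require 'rubygems'

PATCHED_VERSION = Gem::Version.new("0.23.10")

# Constructed sample lockfile text (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (0.23.9)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    commonmarker
    rake
LOCK

# Extract the resolved version of a gem from Gemfile.lock text by matching the
# indented "name (x.y.z)" line in the specs: section. A platform suffix such as
# "0.23.10-x86_64-linux" is dropped so Gem::Version does not treat it as a
# prerelease. Returns nil when the gem is not in the lockfile.
def locked_version(lockfile_text, gem_name)
  pattern = /^\s+#{Regexp.escape(gem_name)} \(([^)]+)\)\s*$/
  match = lockfile_text.match(pattern)
  return nil unless match
  Gem::Version.new(match[1].split("-").first)
end

# Classify the lockfile's commonmarker entry as :not_present, :vulnerable
# (below the patched version) or :patched (at or above it).
def commonmarker_status(lockfile_text)
  version = locked_version(lockfile_text, "commonmarker")
  return :not_present if version.nil?
  version < PATCHED_VERSION ? :vulnerable : :patched
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_commonmarker.rb [path/to/Gemfile.lock]
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  puts "commonmarker: #{commonmarker_status(text)}"
end
```

Run it against a real lockfile by passing the path as the first argument; without an argument it evaluates the constructed sample, which pins `0.23.9` and is therefore reported as vulnerable.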

References

@gjtorikian gjtorikian published to gjtorikian/commonmarker Aug 8, 2023
Published to the GitHub Advisory Database Aug 8, 2023
Reviewed Aug 8, 2023
Last updated Aug 17, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-7vh7-fw88-wj87