CVE-2019-25103 — Regex Denial of Service in Simple-markdown

CWE-1333 — Regex Denial of Service3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 34.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Khanacademy Simple-markdown

Timeline

PublishedFeb 12

Description

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerabil…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶npmkhanacademy/simple-markdown< 0.5.2

▶NVDkhanacademy/simple-markdown0.5.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Regular Expression Denial of Service in simple-markdown↗2023-02-12

▶

OSV

Regular Expression Denial of Service in simple-markdown↗2023-02-12

▶