CVE-2020-5238
published 2020-07-01


Priority: P431
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.57% (72.2nd percentile)
The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Affected

13 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | cmark-gfm | < cmark-gfm 0.29.0.gfm.2-1 (bookworm) | cmark-gfm 0.29.0.gfm.2-1 (bookworm) |
| debian | haskell-cmark-gfm | < cmark-gfm 0.29.0.gfm.2-1 (bookworm) | cmark-gfm 0.29.0.gfm.2-1 (bookworm) |
| debian | python-cmarkgfm | < cmark-gfm 0.29.0.gfm.2-1 (bookworm) | cmark-gfm 0.29.0.gfm.2-1 (bookworm) |
| debian | r-cran-commonmark | < cmark-gfm 0.29.0.gfm.2-1 (bookworm) | cmark-gfm 0.29.0.gfm.2-1 (bookworm) |
| debian | ruby-commonmarker | < cmark-gfm 0.29.0.gfm.2-1 (bookworm) | cmark-gfm 0.29.0.gfm.2-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| github | cmark-gfm | < 0.29.0.gfm.1 | 0.29.0.gfm.1 |
| github | cmark-gfm | >= 0, < 0.29.0.gfm.2-1 | 0.29.0.gfm.2-1 |
| github | cmark-gfm | >= 0, < 0.29.0.gfm.2-1 | 0.29.0.gfm.2-1 |
| github | cmark-gfm | >= 0, < 0.29.0.gfm.2-1 | 0.29.0.gfm.2-1 |
| github_flavored_markdown_project | github_flavored_markdown | < 0.29.0.gfm.1 | 0.29.0.gfm.1 |

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |