Khanacademy Simple-Markdown vulnerabilities

CVE-2019-25103 [HIGH] CWE-1333 CVE-2019-25103: A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by t A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch

CVE-2019-25102 [HIGH] CWE-1333 CVE-2019-25102: A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected i A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the

CVE-2019-9844 [MEDIUM] CWE-79 CVE-2019-9844: simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.