This repository has been archived by the owner on Mar 11, 2024. It is now read-only.
CVE-2023-24824 (High) detected in commonmarker-0.17.7.1.gem #48
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
CVE-2023-24824 - High Severity Vulnerability
Vulnerable Library - commonmarker-0.17.7.1.gem
A fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.7.1.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of
>
or-
characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.Publish Date: 2023-03-31
URL: CVE-2023-24824
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-48wp-p9qv-4j64
Release Date: 2023-03-31
Fix Resolution: commonmarker - 0.23.9
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: