CVE-2022-21670
10.01.2022, 21:15
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.Enginsight
Vendor | Product | Version |
---|---|---|
markdown-it_project | markdown-it | 𝑥 ≤ 12.3.1 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-1333 - Inefficient Regular Expression ComplexityThe product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References