CVE-2023-22484 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.5 LOW	ADJACENT_NETWORK	LOW	LOW	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
GitHub_M	CNA	3.5 LOW	ADJACENT_NETWORK	LOW	LOW	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
github	cmark-gfm	𝑥 < 0.29.0.gfm.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cmark-gfm

bullseye	no-dsa
bookworm	ignored
buster	no-dsa
sid	vulnerable
trixie	vulnerable

python-cmarkgfm

bullseye	no-dsa
bookworm	ignored
buster	no-dsa
sid	vulnerable
trixie	vulnerable

r-cran-commonmark

bullseye	no-dsa
bookworm	ignored
buster	no-dsa
sid	1.9.2-2 fixed
trixie	1.9.2-2 fixed

ruby-commonmarker

bullseye	no-dsa
bookworm	ignored
buster	no-dsa
sid	vulnerable
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

cmark-gfm

oracular	needs-triage
noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
focal	needs-triage
bionic	dne
xenial	ignored
trusty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-407 - Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References

https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r

https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r