Unrated severityNVD Advisory· Published Jul 1, 2020· Updated Aug 4, 2024
Denial of service in table parsing in cmark-gfm
CVE-2020-5238
Description
The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.
Affected products
3- osv-coords2 versions
< 2.0.6-5.el8+ 1 more
- (no CPE)range: < 2.0.6-5.el8
- (no CPE)range: < 2.0.6-5.el8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCDHBTUFIOYRIS5HAS6PZNBNMB7IOAX3/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMQFOQQCWOAMQ4I2XIVCVOXXIJ75HDCW/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGJH2A4VAV54X6NSCNNGSEIGIIY5N2VR/mitrevendor-advisoryx_refsource_FEDORA
- github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4mitrex_refsource_MISC
- github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.