VYPR
Moderate severityNVD Advisory· Published Mar 28, 2023· Updated Feb 18, 2025

Quadratic runtime when parsing Markdown in comrak

CVE-2023-28626

Description

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-047

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
comrakcrates.io
< 0.17.00.17.0

Affected products

2

Patches

Vulnerability mechanics

References

21

News mentions

0

No linked articles in our index yet.