Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-37463 For more information, consult the release notes for version 0.29.0.gfm.12. Mitigation Users are advised to upgrade to commonmarker version 0.23.10.
Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.
Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486 For more information, consult the release notes for version 0.23.0.gfm.7. Mitigation Users are advised to upgrade to commonmarker version 0.23.7.
Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches This vulnerability has been patched in the following CommonMarker release: v0.23.6 Workarounds Disable use of the autolink extension. References https://github.com/gjtorikian/commonmarker/pull/190 https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q https://en.wikipedia.org/wiki/Time_complexity For more information If you have any questions or comments about this advisory: Open an issue in github/cmark-gfm …
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in commonmarker.