GMS-2023-1110: Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
Several quadratic complexity bugs in commonmarker’s underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.
References
- github.com/advisories/GHSA-48wp-p9qv-4j64
- github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.10
- github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.11
- github.com/gjtorikian/commonmarker/pull/236
- github.com/gjtorikian/commonmarker/releases/tag/v0.23.9
- github.com/gjtorikian/commonmarker/security/advisories/GHSA-48wp-p9qv-4j64