CVE-2022-21670

Medium

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down…

GitHub_M·CWE-400·Published 2022-01-10

CVSS

5.3

EPSS

0.02

KEV

Exploits

cve.orgen

277 chars

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

NVDen

277 chars

OSV.deven

366 chars

### Impact Special patterns with length > 50K chars can slow down parser significantly. ```js const md = require('markdown-it')(); md.render(`x ${' '.repeat(150000)} x \nx`); ``` ### Patches Upgrade to v12.3.2+ ### Workarounds No. ### References Fix + test sample: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101

GHSAen

366 chars

NVDes

346 chars

markdown-it es un analizador de Markdown. En versiones anteriores a 1.3.2, los patrones especiales con una longitud superior a 50 mil caracteres podían ralentizar el analizador de forma significativa. Los usuarios deben actualizar a versión 12.3.2 para recibir un parche. No se presentan medidas de mitigación conocidas aparte de la actualización

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Secondary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Secondary	GHSA	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L