Homepage

markdown-it@12.0.0 vulnerabilities

Markdown-it - modern pluggable markdown parser.

  • latest version

    14.1.0

  • latest non vulnerable version

    14.1.0

  • first published

    10 years ago

  • latest version published

    0 years ago

  • licenses detected

  • View markdown-it package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the markdown-it package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Infinite loop

    markdown-it is a modern pluggable markdown parser.

    Affected versions of this package are vulnerable to Infinite loop in linkify inline rule when using malformed input.

    How to fix Infinite loop?

    Upgrade markdown-it to version 13.0.2 or higher.

    <13.0.2
    • M
    Regular Expression Denial of Service (ReDoS)

    markdown-it is a modern pluggable markdown parser.

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the /s+$/ in line 23 of lib/rules_inline/newline.js. This expression is used to remove trailing whitespaces from a string, however, it also matches non-trailing whitespaces. In the worst-case scenario, the matching process would take computation time proportional to the square of the length of the non-trailing whitespaces. It is possible that a string containing more than tens of thousands characters, as markdown-it handles Markdown, would be passed over the network, resulting in significant computational time.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade markdown-it to version 12.3.2 or higher.

    <12.3.2
    Go back to all versions of this package