Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex `/\+$/` in the `linkify` function. An attacker can supply a long sequence of `` characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `markdown-it` to version 14.1.1 or higher.	>=13.0.0 <14.1.1
H Infinite loop markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Infinite loop in linkify inline rule when using malformed input. How to fix Infinite loop? Upgrade `markdown-it` to version 13.0.2 or higher.	<13.0.2

Regular Expression Denial of Service (ReDoS)

markdown-it is a modern pluggable markdown parser.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade markdown-it to version 14.1.1 or higher.

>=13.0.0 <14.1.1

Infinite loop

markdown-it is a modern pluggable markdown parser.

Affected versions of this package are vulnerable to Infinite loop in linkify inline rule when using malformed input.

How to fix Infinite loop?

Upgrade markdown-it to version 13.0.2 or higher.

<13.0.2

Go back to all versions of this package