Vulnerability Description
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Markdown-It Project | Markdown-It | < 3.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d251PatchThird Party Advisory
- https://github.com/markdown-it/markdown-it/releases/tag/3.0.0Release NotesThird Party Advisory
- https://vuldb.com/?ctiid.216852Third Party Advisory
- https://vuldb.com/?id.216852Third Party Advisory
- https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d251PatchThird Party Advisory
- https://github.com/markdown-it/markdown-it/releases/tag/3.0.0Release NotesThird Party Advisory
- https://vuldb.com/?ctiid.216852Third Party Advisory
- https://vuldb.com/?id.216852Third Party Advisory
FAQ
What is CVE-2015-10005?
CVE-2015-10005 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regu...
How severe is CVE-2015-10005?
CVE-2015-10005 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-10005?
Check the references section above for vendor advisories and patch information. Affected products include: Markdown-It Project Markdown-It.