Vulnerability Description
A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Khanacademy | Simple-Markdown | 0.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/ariabuckles/simple-markdown/commit/89797fef9abb4cab2fb76a3359Patch
- https://github.com/ariabuckles/simple-markdown/releases/tag/0.5.2Release Notes
- https://vuldb.com/?ctiid.220639Third Party Advisory
- https://vuldb.com/?id.220639Third Party Advisory
- https://github.com/ariabuckles/simple-markdown/commit/89797fef9abb4cab2fb76a3359Patch
- https://github.com/ariabuckles/simple-markdown/releases/tag/0.5.2Release Notes
- https://vuldb.com/?ctiid.220639Third Party Advisory
- https://vuldb.com/?id.220639Third Party Advisory
FAQ
What is CVE-2019-25103?
CVE-2019-25103 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads...
How severe is CVE-2019-25103?
CVE-2019-25103 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25103?
Check the references section above for vendor advisories and patch information. Affected products include: Khanacademy Simple-Markdown.