Vulnerability Description
markdown-it is a Markdown parser. Prior to version 12.3.2, special patterns with length greater than 50 thousand characters could slow the parser down significantly (an algorithmic-complexity denial of service triggered by attacker-supplied input). Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Markdown-It Project | Markdown-It | <= 12.3.1 |
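The affected range above is a simple upper bound (every release up to and including 12.3.1), but in a real project markdown-it is often pulled in transitively, so a nested copy can stay vulnerable after the top-level dependency is bumped. The following is an added example, not code from the markdown-it project or from this advisory: it walks the `packages` map of an npm lockfile (lockfile v2/v3 layout) and flags every markdown-it entry older than 12.3.2. The lockfile shown is constructed for the example; on a real tree you would pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findMarkdownIt` instead.

```javascript
// Added example: audit an npm lockfile for markdown-it copies affected by
// CVE-2022-21670 (all versions <= 12.3.1; fixed in 12.3.2).

const FIXED_VERSION = "12.3.2";

// Parse "MAJOR.MINOR.PATCH" (optional leading "v", any pre-release/build
// suffix ignored) into three numbers. Pre-release ordering is deliberately
// not modelled: a "12.3.2-0" pre-release would be treated as 12.3.2.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Returns -1, 0 or 1 like a comparator; numeric, so "12.3.1" > "9.9.9".
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Affected means strictly older than the first patched release.
function isAffected(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Lockfile v2/v3 keys are install paths such as "node_modules/markdown-it"
// or "node_modules/some-plugin/node_modules/markdown-it" (a nested copy).
function findMarkdownIt(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const isMarkdownIt =
      path === "node_modules/markdown-it" ||
      path.endsWith("/node_modules/markdown-it");
    if (!isMarkdownIt || !entry || !entry.version) continue;
    hits.push({ path, version: entry.version, affected: isAffected(entry.version) });
  }
  return hits;
}

// Constructed sample lockfile: the direct dependency is already patched, but a
// plugin still carries its own vulnerable copy underneath node_modules.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/markdown-it": { version: "12.3.2" },
    "node_modules/some-plugin": { version: "2.0.0" },
    "node_modules/some-plugin/node_modules/markdown-it": { version: "12.3.1" },
  },
};

// Human-readable report; returns the number of affected copies so a CI job
// can fail on a non-zero result.
function report(lockfile) {
  const hits = findMarkdownIt(lockfile);
  let affectedCount = 0;
  for (const h of hits) {
    console.log(`${h.affected ? "AFFECTED" : "ok      "} ${h.path} ${h.version}`);
    if (h.affected) affectedCount++;
  }
  return affectedCount;
}

report(SAMPLE_LOCKFILE);
```

Note that a lockfile audit only tells you which versions are installed; `npm audit` performs the same comparison against the advisory database, but a self-contained check like this one is handy in pipelines that cannot reach the registry.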
Related Weaknesses (CWE)
References
- https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2 (Patch, Third Party Advisory)
- https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-21670?
CVE-2022-21670 is a vulnerability with a CVSS score of 5.3 (MEDIUM). markdown-it is a Markdown parser. Prior to version 12.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12...
How severe is CVE-2022-21670?
CVE-2022-21670 has been rated MEDIUM with a CVSS base score of 5.3/10. The impact is availability only (a denial of service through slow parsing of crafted input); see the CVSS Score section above.
Is there a patch for CVE-2022-21670?
Yes. The issue is fixed in markdown-it 12.3.2; releases up to and including 12.3.1 are affected, and upgrading is the only known remediation. See the references section above for the upstream advisory and the patch commit. Affected products include: Markdown-It Project Markdown-It.