Vulnerability Description
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource exhaustion, where processing malicious inputs could cause high CPU or memory usage, potentially leading to denial of service. Version 1.0.2 contains a patch. Additionally, users should review and restrict input sources if untrusted inputs are processed.
Related Weaknesses (CWE)
References
- https://github.com/IEatUranium238/Cattown/commit/70c2a28fb7dc520cfb7e401e0e141bf
- https://github.com/IEatUranium238/Cattown/security/advisories/GHSA-455v-w7r9-3vv
FAQ
What is CVE-2025-58451?
CVE-2025-58451 is a documented vulnerability. Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to e...
How severe is CVE-2025-58451?
CVSS scoring is not yet available for CVE-2025-58451. Check NVD for updates.
Is there a patch for CVE-2025-58451?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.