Regular Expression Denial of Servicemarkdown
All versions of
markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The
markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.
No fix is currently available. Consider using an alternative package until a fix is made available.
publishedAdvisory PublishedMay 20th, 2020
reportedReported by posixNov 19th, 2019