Neoclassical Philosophic Musings
    Severity: low

    Regular Expression Denial of Service

    markdown

    Overview

    All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.

    Remediation

    No fix is currently available. Consider using an alternative package until a fix is made available.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      May 20th, 2020
    2. reported

      Reported by posix
      Nov 19th, 2019