Regular Expression Denial of Service@ckeditor/ckeditor5-markdown-gfm
In affected versions of
@ckeditor/ckeditor5-markdown-gfm a regular expression denial of service (ReDoS) vulnerability has been discovered.
The vulnerability allowed to abuse a link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 Markdown plugin at version <= 24.0.0.
- Disabling the Markdown plugin.
Upgrade to version 25.0.0 or later
publishedAdvisory PublishedFeb 23rd, 2021
reportedReported by AnonymousFeb 23rd, 2021