5.3

CVE-2022-21670

Exploit

Uncontrolled Resource Consumption in markdown-it

markdown-it < 1.3.2 - Uncontrolled Resource Consumption

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.
Mögliche Gegenmaßnahme
Block for Apple Maps: Update to version 1.1.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Markdown-it ProjectMarkdown-it Version <= 12.3.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Block for Apple Maps
Version 1.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.15% 0.798
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
security-advisories@github.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101
Patch
Third Party Advisory
https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/67b468f7-21c7-424a-a65c-172ef47f0465
Third Party Advisory