Impact
CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service.
Patches
This vulnerability has been patched in the following CommonMarker release:
Workarounds
Disable use of the autolink extension.
References
#190
GHSA-cgh3-p57x-9q7q
https://en.wikipedia.org/wiki/Time_complexity
For more information
If you have any questions or comments about this advisory:
Acknowledgements
We would like to thank Legit Security for reporting this vulnerability.
Impact
CommonMarker uses
cmark-gfmfor rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service.Patches
This vulnerability has been patched in the following CommonMarker release:
Workarounds
Disable use of the autolink extension.
References
#190
GHSA-cgh3-p57x-9q7q
https://en.wikipedia.org/wiki/Time_complexity
For more information
If you have any questions or comments about this advisory:
Acknowledgements
We would like to thank Legit Security for reporting this vulnerability.