Source: node-turndown
Version: 7.1.1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/mixmark-io/turndown/issues/501
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for node-turndown.

CVE-2025-9670[0]:
| A security flaw has been discovered in mixmark-io turndown up to
| 7.2.1. This affects an unknown function of the file
| src/commonmark-rules.js. Performing manipulation results in
| inefficient regular expression complexity. It is possible to
| initiate the attack remotely. The exploit has been released to the
| public and may be exploited.

There is a proposed fix in the corresponding pull request at [2], but it has not yet been merged.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-9670
    https://www.cve.org/CVERecord?id=CVE-2025-9670
[1] https://github.com/mixmark-io/turndown/issues/501
[2] https://github.com/mixmark-io/turndown/pull/504

Regards,
Salvatore

