https://bugs.kde.org/show_bug.cgi?id=461321

            Bug ID: 461321
           Summary: CVE-2022-39209 ghostwriter: cmark-gfm: Unbounded
                    resource exhaustion may lead to denial of service.
    Classification: Applications
           Product: ghostwriter
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: megan.con...@kdemail.net
          Reporter: vit...@easycoding.org
  Target Milestone: ---

SUMMARY

In cmark-gfm versions prior to 0.29.0.gfm.6 a polynomial time complexity issue
in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and
subsequent denial of service.

More information:
https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q

Upstream fix:
https://github.com/github/cmark-gfm/commit/9d57d8a23142b316282bdfc954cb0ecda40a8655
