CNNVD-202508-3499 Information

CNNVD ID

CNNVD-202508-3499

Related CVE

CVE-2025-9670

• CNNVD Published: 2025-08-29

Description (Chinese)

Turndown是mixmark-io开源的一个HTML到Markdown转换器。 Turndown 7.2.1及之前版本存在安全漏洞，该漏洞源于文件src/commonmark-rules.js中正则表达式效率低下，可能导致拒绝服务攻击。

Description (English)

Turndown is an HTML to Markdown converter from the mixmark-io open source. The security gap in Turndown 7.2.1 and earlier versions stems from the inefficiency of the regular expression in the document src/commonmark-rules.js, which may lead to a denial of service attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

mixmark-io

Published

2025-08-29

Last Modified

2026-02-24

References

https://vuldb.com/?submit.637911 https://vuldb.com/?id.321880 https://vuldb.com/?ctiid.321880 https://github.com/mixmark-io/turndown/issues/501#issue-3336342088 https://nvd.nist.gov/vuln/detail/CVE-2025-9670 https://access.redhat.com/security/cve/cve-2025-9670