CVE-2020-5238 Information

Feb 14, 2021 cve

Description

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCDHBTUFIOYRIS5HAS6PZNBNMB7IOAX3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMQFOQQCWOAMQ4I2XIVCVOXXIJ75HDCW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGJH2A4VAV54X6NSCNNGSEIGIIY5N2VR/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5

Share on: