markdown-it Inefficient Regular Expression Complexity Vulnerability - CVE-2022-21670 - Vulnerability Database

markdown-it Inefficient Regular Expression Complexity Vulnerability - CVE-2022-21670

Medium

Reference: CVE-2022-21670

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-21670

Title: markdown-it Inefficient Regular Expression Complexity Vulnerability

Overview:

markdown-it is a Markdown parser. Prior to version 1.3.2 special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.