MEDIUM 5.3
GHSA-rmmh-p597-ppvv
Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing
Details
Showdownjs, versions <= 2.1.0, `anchors` subparser used to parse links has a nested regular expression which can lead to denial of service conditions given malicious input.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / showdown
Introduced in:
0 No fixed version published yet for showdown (npm). Pin to a known-safe version or switch to an alternative.