VDB
KO
MEDIUM 5.3

GHSA-rmmh-p597-ppvv

Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing

Details

Showdownjs, versions <= 2.1.0, `anchors` subparser used to parse links has a nested regular expression which can lead to denial of service conditions given malicious input.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / showdown
Introduced in: 0

No fixed version published yet for showdown (npm). Pin to a known-safe version or switch to an alternative.

References