Skip to content

Several quadratic complexity bugs may lead to denial of service in Commonmarker

Moderate
gjtorikian published GHSA-7vh7-fw88-wj87 Aug 8, 2023

Package

bundler commonmarker (RubyGems)

Affected versions

< 0.23.10

Patched versions

0.23.10

Description

Impact

Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.29.0.gfm.12.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.10.

Severity

Moderate

CVE ID

CVE-2023-37463

Weaknesses