WS-2022-0320 - High Severity Vulnerability
Vulnerable Library - commonmarker-0.17.9.gem
A fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.9.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/commonmarker-0.17.9.gem
Dependency Hierarchy:
Found in HEAD commit: c8964831a15c57dba952331f44c20ae5a7a595d8
Found in base branch: master
Vulnerability Details
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Publish Date: 2022-09-21
URL: WS-2022-0320
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-4qw4-jpp4-8gvp
Release Date: 2022-09-21
Fix Resolution: commonmarker - 0.23.6