Denial of service in table parsing in cmark-gfm
CVE-2020-5238

6.5MEDIUM

Key Information:

Vendor: Github
Status: Cmark-gfm
Vendor: CVE Published:; 1 July 2020

What is CVE-2020-5238?

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Affected Version(s)

cmark-gfm < 0.29.0.gfm.1

References

https://github.com/github/cmark-gfm/security/advisories/G...

x_refsource_CONFIRM

https://github.com/github/cmark-gfm/commit/85d895289c5ab6...

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2020
Vulnerability Reserved
Jan 2, 2020

Github

What is CVE-2020-5238?

Affected Version(s)

References

CVSS V3.1

Timeline