CVE-2020-5238

Summary

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Affected Software

VendorProductVersion RangeStatus
githubcmark-gfm< 0.29.0.gfm.1affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References