Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-gpvj-gp8c-c7p2

GitHub Security Advisory

Regular Expression Denial of Service in simple-markdown

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639.

Affected Packages

npm simple-markdown
Affected versions: 0 (fixed in 0.5.2)

Related CVEs

CVE-2019-25103

Key Information

GHSA ID
GHSA-gpvj-gp8c-c7p2
Published
February 12, 2023 3:30 PM
Last Modified
February 24, 2023 4:01 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
simple-markdown
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.