漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
CWE-1333
Vulnerability Title
Markdown-It 安全漏洞
Vulnerability Description
Markdown-It是Markdown it!开源的一个 Markdown 解析器。 Markdown-It 14.1.1之前版本存在安全漏洞,该漏洞源于linkify函数使用正则表达式,可能导致正则表达式拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A