Lucene search
Legit-securityH1:1619604HistoryJun 29, 2022 - 8:12 p.m.
GitHub: DoS via markdown API from unauthenticated user
2022-06-2920:12:57
legit-security
hackerone.com
$4000
11
github
unauthenticated user
dos
markdown api
cmark-gfm
polynomial time complexity
autolink extension
denial of service
resource exhaustion
patch
upgrade
vulnerability
EPSS
0.002
Percentile
55.1%
cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm’s autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running python3 -c 'print("
ubuntucve
ubuntucve
CVE-2022-39209
2022-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: ghc-cmark-gfm-0.2.5-1.fc35
2022-11-05 17:06:32
[SECURITY] Fedora 37 Update: ghc-cmark-gfm-0.2.5-1.fc37
2022-11-10 22:54:40
[SECURITY] Fedora 36 Update: ghc-cmark-gfm-0.2.5-1.fc36
2022-11-05 17:00:27
cve
cve
CVE-2022-39209
2022-09-15 18:15:12
prion
prion
Code injection
2022-09-15 18:15:00
nessus
nessus
Fedora 35 : ghc-cmark-gfm (2022-f1aed93db8)
2022-12-22 00:00:00
Fedora 39 : ghostwriter (2023-d1e9e62a92)
2023-11-07 00:00:00
Fedora 36 : ghc-cmark-gfm (2022-6bcee2cc93)
2022-12-22 00:00:00
openvas
openvas
Fedora: Security Advisory for ghc-cmark-gfm (FEDORA-2022-dc6d6d9d6c)
2022-11-11 00:00:00
Fedora: Security Advisory (FEDORA-2023-d1e9e62a92)
2024-09-10 00:00:00
Fedora: Security Advisory for ghc-cmark-gfm (FEDORA-2022-f1aed93db8)
2022-11-06 00:00:00
redhatcve
redhatcve
CVE-2022-39209
2022-09-28 18:08:09
veracode
veracode
Denial Of Service (DoS)
2022-11-17 07:45:55
cvelist
cvelist
CVE-2022-39209 Uncontrolled Resource Consumption in cmark-gfm
2022-09-15 00:00:00
nvd
nvd
CVE-2022-39209
2022-09-15 18:15:12
osv
osv
CVE-2022-39209
2022-09-15 18:15:12
Denial of Service (DoS) and Arbitrary Code Execution (ACE) vulnerabilities
2023-10-06 05:00:00
debiancve
debiancve
CVE-2022-39209
2022-09-15 18:15:12