Lucene search
AnonymousNODEJS:1617HistoryFeb 23, 2021 - 1:44 a.m.
Regular Expression Denial of Service
2021-02-2301:44:40
Anonymous
www.npmjs.com
47
0.001 Low
EPSS
Percentile
40.7%
Overview
In affected versions of @ckeditor/ckeditor5-markdown-gfm a regular expression denial of service (ReDoS) vulnerability has been discovered.
Impact
The vulnerability allowed to abuse a link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 Markdown plugin at version <= 24.0.0.
Workarounds
- Disabling the Markdown plugin.
Recommendation
Upgrade to version 25.0.0 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| @ckeditor/ckeditor5-markdown-gfm | le | 24.0.0 |
Related
osv
osv
CVE-2021-21254
2021-01-29 22:15:14
CKEditor 5 Markdown plugin Regular expression Denial of Service
2021-01-29 21:51:22
github
github
CKEditor 5 Markdown plugin Regular expression Denial of Service
2021-01-29 21:51:22
prion
prion
Design/Logic Flaw
2021-01-29 22:15:00
nvd
nvd
CVE-2021-21254
2021-01-29 22:15:14
cve
cve
CVE-2021-21254
2021-01-29 22:15:14
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-02-01 10:51:29
cvelist
cvelist
CVE-2021-21254 Regular expression Denial of Service in Markdown plugin
2021-01-29 21:55:14