This project forked from github/training-kit
Open source cheat sheets for Git and GitHub
Home Page: https://github.github.com/training-kit/
License: Creative Commons Attribution 4.0 International
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Vulnerable Library - tzinfo-1.2.9.gemTZInfo provides daylight savings aware transformations between times in different time zones.
Library home page: https://rubygems.org/gems/tzinfo-1.2.9.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.5.0/cache/tzinfo-1.2.9.gem,/home/wss-scanner/.gem/ruby/2.7.0/cache/tzinfo-1.2.9.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with require on demand. In the affected versions, TZInfo::Timezone.get fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, TZInfo::Timezone.get can be made to load unintended files with require, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of tzinfo/definition within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z.
Publish Date: 2022-07-22
URL: CVE-2022-31163
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-5cm2-9h8c-rvfx
Release Date: 2022-07-22
Fix Resolution: tzinfo - 0.3.61,1.2.10
Step up your Open Source Security Game with Mend here
Vulnerable Library - rack-2.2.4.gemRack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
Publish Date: 2023-02-09
URL: CVE-2022-44572
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-rqv2-275x-2jq5
Release Date: 2023-02-09
Fix Resolution: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - rack-2.2.4.gemRack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
Publish Date: 2023-02-09
URL: CVE-2022-44570
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-65f5-mfpf-vfhj
Release Date: 2023-02-09
Fix Resolution: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - rack-2.2.3.gemRack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.3.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack before 2.0.9.1,2.1.4.1,2.2.3.1
Publish Date: 2022-05-03
URL: CVE-2022-30123
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-wq4h-7r42-5hrr
Release Date: 2022-05-03
Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - nokogiri-1.13.8-x86_64-linux.gemNokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).
Library home page: https://rubygems.org/gems/nokogiri-1.13.8-x86_64-linux.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.13.8-x86_64-linux.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
nokogiri up to and including 1.13.8 is affected by several vulnerabilities (CVE-2022-40303, CVE-2022-40304 and CVE-2022-2309) in the dependency bundled libxml2 library. Version 1.13.9 of nokogiri contains a patch where the dependency is upgraded with the patches as well.
Publish Date: 2022-10-18
URL: WS-2022-0334
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-2qc6-mcvw-92cw
Release Date: 2022-10-18
Fix Resolution: nokogiri - 1.13.9
Step up your Open Source Security Game with Mend here
Vulnerable Library - commonmarker-0.23.5.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.23.5.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/commonmarker-0.23.5.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Publish Date: 2022-09-21
URL: WS-2022-0320
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-4qw4-jpp4-8gvp
Release Date: 2022-09-21
Fix Resolution: commonmarker - 0.23.6
Step up your Open Source Security Game with Mend here
Vulnerable Library - commonmarker-0.23.6.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.23.6.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/commonmarker-0.23.6.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of _ characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD cmark-gfm is a fork of cmark that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both cmark and cmark-gfm. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in github/cmark-gfm
Publish Date: 2023-03-31
URL: CVE-2023-26485
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-48wp-p9qv-4j64
Release Date: 2023-03-31
Fix Resolution: commonmarker - 0.23.9
Step up your Open Source Security Game with Mend here
Vulnerable Library - rexml-3.2.4.gemAn XML toolkit for Ruby
Library home page: https://rubygems.org/gems/rexml-3.2.4.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Publish Date: 2021-04-21
URL: CVE-2021-28965
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8cr8-4vfw-mr7h
Release Date: 2021-04-21
Fix Resolution: rexml - 3.2.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - nokogiri-1.12.3.gemNokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).
Library home page: https://rubygems.org/gems/nokogiri-1.12.3.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Nokogiri before version 1.13.2 is vulnerable.
Publish Date: 2022-03-01
URL: WS-2022-0089
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-fq42-c5rg-92c2
Release Date: 2022-03-01
Fix Resolution: nokogiri - v1.13.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - rack-2.2.4.gemRack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. The issue is fixed versions 2.2.6.4 and 3.0.6.1
Publish Date: 2023-03-03
URL: CVE-2023-27539
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2023-03-03
Fix Resolution: rack - 2.2.6.4,3.0.6.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - rack-2.2.4.gemRack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.
Publish Date: 2023-02-09
URL: CVE-2022-44571
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-93pm-5p5f-3ghx
Release Date: 2023-02-09
Fix Resolution: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - activesupport-6.0.6.gemA toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-6.0.6.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-6.0.6.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
Publish Date: 2023-02-09
URL: CVE-2023-22796
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-j6gc-792m-qgm2
Release Date: 2023-02-09
Fix Resolution: activesupport - 6.1.7.1,7.0.4.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - commonmarker-0.23.6.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.23.6.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/commonmarker-0.23.6.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of > or - characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.
Publish Date: 2023-03-31
URL: CVE-2023-24824
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-48wp-p9qv-4j64
Release Date: 2023-03-31
Fix Resolution: commonmarker - 0.23.9
Step up your Open Source Security Game with Mend here
Vulnerable Library - kramdown-2.3.0.gemkramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions.
Library home page: https://rubygems.org/gems/kramdown-2.3.0.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
Publish Date: 2021-03-19
URL: CVE-2021-28834
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: rubysec/ruby-advisory-db@d06e48b
Release Date: 2021-03-19
Fix Resolution: 2.3.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - nokogiri-1.13.4-x86_64-linux.gemNokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).
Library home page: https://rubygems.org/gems/nokogiri-1.13.4-x86_64-linux.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.13.4-x86_64-linux.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.
Publish Date: 2022-05-20
URL: CVE-2022-29181
CVSS 3 Score Details (8.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
Release Date: 2022-05-20
Fix Resolution: nokogiri - 1.13.6
Step up your Open Source Security Game with Mend here
Vulnerable Library - rack-2.2.4.gemRack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
Publish Date: 2023-03-10
URL: CVE-2023-27530
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2023-03-10
Fix Resolution: rack - 2.0.9.3,2.1.4.3,2.2.6.3,3.0.4.2
Step up your Open Source Security Game with Mend here
Vulnerable Library - rack-2.2.3.gemRack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.3.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
There is a possible denial of service vulnerability in the multipart parsing component of Rack before 2.0.9.1,2.1.4.1,2.2.3.1
Publish Date: 2022-05-03
URL: CVE-2022-30122
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-hxqx-xwvh-44m2
Release Date: 2022-05-03
Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - commonmarker-0.17.13.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
commonmarker versions prior to 0.23.4 are vulnerable to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns.
The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution.
Publish Date: 2022-02-03
URL: WS-2022-0093
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-fmx4-26r3-wxpf
Release Date: 2022-02-03
Fix Resolution: commonmarker - 0.23.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - nokogiri-1.12.3.gemNokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).
Library home page: https://rubygems.org/gems/nokogiri-1.12.3.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.
Publish Date: 2021-09-27
URL: CVE-2021-41098
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098
Release Date: 2021-09-27
Fix Resolution: nokogiri - 1.12.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - commonmarker-0.23.6.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.23.6.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/commonmarker-0.23.6.gem
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Publish Date: 2023-04-12
URL: WS-2023-0095
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-48wp-p9qv-4j64
Release Date: 2023-04-12
Fix Resolution: commonmarker - 0.23.9
Step up your Open Source Security Game with Mend here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
