noobscode/kalel

WS-2022-0320 (High) detected in commonmarker-0.17.7.1.gem

mend-bolt-for-github opened this issue · 0 comments

WS-2022-0320 - High Severity Vulnerability

Vulnerable Library - commonmarker-0.17.7.1.gem

A fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.

Library home page: https://rubygems.org/gems/commonmarker-0.17.7.1.gem

Dependency Hierarchy:

  • github-pages-175.gem (Root Library)
    • jekyll-commonmark-ghpages-0.1.3.gem
      • commonmarker-0.17.7.1.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service. The flaw sits in the cmark-gfm C library that this gem bundles and compiles as a native extension, not in its Ruby code: a specially crafted Markdown document can drive the autolink extension into excessive CPU and memory use. Any application that renders untrusted Markdown through this gem with the autolink extension enabled (for example CommonMarker.render_html with :autolink in the extensions list) is exposed to a remote, unauthenticated availability impact.

Publish Date: 2022-09-21

URL: WS-2022-0320

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-4qw4-jpp4-8gvp

Release Date: 2022-09-21

Fix Resolution: commonmarker - 0.23.6

commonmarker is not a direct dependency in this repository: it is pulled in through github-pages-175 via jekyll-commonmark-ghpages-0.1.3, and that gem carries its own version constraint on commonmarker. If the constraint excludes 0.23.6, `bundle update commonmarker` will not change anything, because Bundler cannot select a version a dependent forbids; the github-pages root dependency has to be raised to a release whose jekyll-commonmark-ghpages accepts 0.23.6 or later. `gem dependency jekyll-commonmark-ghpages -v 0.1.3` shows the constraint in effect, and the resulting Gemfile.lock should be re-checked after the upgrade rather than trusting the command to have succeeded.
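The following Ruby script is an added example, not code from the Mend issue or from the commonmarker project. It reads a Gemfile.lock, reports whether the locked commonmarker is below the 0.23.6 fix named above, and lists which gems pin commonmarker to a range that excludes the fix, so you can tell in advance whether `bundle update commonmarker` can reach it or whether the parent (here github-pages) has to move first. The embedded lockfile fragment is constructed to mirror the dependency hierarchy in this issue; the version constraints on its dependency lines are assumptions for illustration, and `FIXED_COMMONMARKER` is taken from the Fix Resolution line.

```ruby
# Added example (not from the Mend issue or the commonmarker project): scan a
# Gemfile.lock for a commonmarker below the fixed release and report which gems
# pin it, so you know whether `bundle update commonmarker` can reach the fix.
require 'rubygems'

# Fixed release named in the issue's "Fix Resolution" line.
FIXED_COMMONMARKER = Gem::Version.new('0.23.6')

# Constructed Gemfile.lock fragment mirroring the issue's dependency hierarchy.
# The version constraints on the indented dependency lines are assumptions for
# illustration, not copied from the issue.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (0.17.7.1)
        ruby-enum (~> 0.5)
      github-pages (175)
        jekyll-commonmark-ghpages (= 0.1.3)
      jekyll-commonmark-ghpages (0.1.3)
        commonmarker (~> 0.17.6)
      ruby-enum (0.9.0)

  DEPENDENCIES
    github-pages
LOCK

# Parse every `specs:` block of a Gemfile.lock into
# { gem name => { version: Gem::Version, deps: { dep name => Gem::Requirement } } }.
def parse_lock(text)
  specs = {}
  in_specs = false
  current = nil
  text.each_line do |raw|
    line = raw.chomp
    if line == '  specs:'
      in_specs = true
      next
    end
    # A blank line or a new top-level section (DEPENDENCIES, PLATFORMS, ...) ends the block.
    if line.strip.empty? || !line.start_with?('  ')
      in_specs = false
      next
    end
    next unless in_specs
    if line =~ /\A {4}(\S+) \(([^)]+)\)\z/
      # Bundler appends the platform after a hyphen (e.g. 1.2.3-x86_64-linux);
      # prereleases are written as 1.2.3.pre.rc1, so splitting on '-' is safe.
      current = Regexp.last_match(1)
      version = Regexp.last_match(2).split('-', 2).first
      specs[current] = { version: Gem::Version.new(version), deps: {} }
    elsif current && line =~ /\A {6}(\S+)(?: \((.+)\))?\z/
      constraint = Regexp.last_match(2) || '>= 0'
      specs[current][:deps][Regexp.last_match(1)] = Gem::Requirement.new(constraint.split(', '))
    end
  end
  specs
end

# True when the locked commonmarker is older than the fixed release.
def vulnerable_commonmarker?(specs)
  spec = specs['commonmarker']
  !spec.nil? && spec[:version] < FIXED_COMMONMARKER
end

# Gems whose constraint on `gem_name` excludes `fixed`: these must be upgraded
# first, because Bundler will not resolve a version a dependent forbids.
def blocking_pins(specs, gem_name = 'commonmarker', fixed = FIXED_COMMONMARKER)
  specs.each_with_object({}) do |(name, spec), out|
    req = spec[:deps][gem_name]
    out[name] = req.to_s if req && !req.satisfied_by?(fixed)
  end
end

if __FILE__ == $PROGRAM_NAME
  specs = parse_lock(SAMPLE_LOCK)
  if vulnerable_commonmarker?(specs)
    puts "commonmarker #{specs['commonmarker'][:version]} < #{FIXED_COMMONMARKER}: affected by WS-2022-0320"
    blocking_pins(specs).each do |gem, req|
      puts "  #{gem} pins commonmarker #{req}; upgrade it (or its parent) first"
    end
  else
    puts 'commonmarker is at or above the fixed release'
  end
end
```

To run it against a real project, replace `SAMPLE_LOCK` with `File.read('Gemfile.lock')`. On the sample it reports commonmarker 0.17.7.1 as affected and names jekyll-commonmark-ghpages as the pin that excludes 0.23.6; after upgrading, re-run it so the check confirms the lockfile actually moved rather than assuming the update command did.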

