NodeJS/markdown/0.5.0
A sensible Markdown parser for javascript
https://www.npmjs.com/package/markdown
MIT
1 Security Vulnerabilities
Regular Expression Denial of Service in markdown
Published date: 2020-09-04T15:11:03Z
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Affected versions:
["0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.3.0", "0.3.1", "0.4.0", "0.5.0"]
Secure versions:
[]
8 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 0.5.0 | MIT | 1 | 2013-07-26 - 09:48 | over 10 years |
| 0.4.0 | MIT | 1 | 2012-06-09 - 11:06 | almost 12 years |
| 0.3.1 | MIT | 1 | 2011-10-26 - 23:04 | over 12 years |
| 0.3.0 | MIT | 1 | 2011-10-20 - 21:11 | over 12 years |
| 0.2.1 | MIT | 1 | 2011-03-07 - 00:57 | about 13 years |
| 0.1.2 | UNKNOWN | 1 | 2010-12-28 - 19:53 | over 13 years |
| 0.1.1 | UNKNOWN | 1 | 2010-12-28 - 19:53 | over 13 years |
| 0.1.0 | UNKNOWN | 1 | 2010-12-28 - 19:53 | over 13 years |