A range of quadratic parsing issues from cmark/cmark-gfm are also present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown.
cmark
cmark-gfm
0.17.0 contains fixes to known quadratic parsing issues.
n/a
Impact
A range of quadratic parsing issues from
cmark/cmark-gfmare also present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown.Patches
0.17.0 contains fixes to known quadratic parsing issues.
Workarounds
n/a
References