| purl | pkg:gem/commonmarker@0.4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2wss-jpkk-pbb3
Aliases: CVE-2024-22051 GHSA-fmx4-26r3-wxpf GMS-2022-240 |
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. |
Affected by 4 other vulnerabilities. |
|
VCID-6vcj-5faq-93e4
Aliases: GHSA-636f-xm5j-pj9m GMS-2023-123 |
Several quadratic complexity bugs may lead to denial of service in Commonmarker ## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c) * [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r) * [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr) * [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p) For more information, consult the release notes for version [`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7). |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-76q8-unpg-ryas
Aliases: GHSA-48wp-p9qv-4j64 GMS-2023-1110 |
Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service ## Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * CVE-2023-24824 * CVE-2023-26485 For more information, consult the release notes for versions 0.23.0.gfm.10 and 0.23.0.gfm.11. ## Mitigation Users are advised to upgrade to commonmarker version 0.23.9. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-tfng-ynpw-cqa6
Aliases: GHSA-7vh7-fw88-wj87 GMS-2023-1914 |
Several quadratic complexity bugs may lead to denial of service in Commonmarker ## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-37463](https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5) For more information, consult the release notes for version [`0.29.0.gfm.12`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.10`](https://rubygems.org/gems/commonmarker/versions/0.23.10). |
Affected by 0 other vulnerabilities. |
|
VCID-yuxd-823b-cyb1
Aliases: GHSA-4qw4-jpp4-8gvp GMS-2022-4428 |
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||