Vulnerabilities affecting this package (0)
| Vulnerability | Summary | Fixed by |
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
VCID-6vcj-5faq-93e4
|
Several quadratic complexity bugs may lead to denial of service in Commonmarker
## Impact
Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm)
library may lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
* [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c)
* [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r)
* [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr)
* [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p)
For more information, consult the release notes for version
[`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7).
## Mitigation
Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7).
|
GHSA-636f-xm5j-pj9m
GMS-2023-123
|
|
VCID-76q8-unpg-ryas
|
Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
## Impact
Several quadratic complexity bugs in commonmarker's underlying
cmark-gfm library may lead to unbounded resource exhaustion and
subsequent denial of service.
The following vulnerabilities were addressed:
* CVE-2023-24824
* CVE-2023-26485
For more information, consult the release notes for versions
0.23.0.gfm.10 and 0.23.0.gfm.11.
## Mitigation
Users are advised to upgrade to commonmarker version 0.23.9.
|
GHSA-48wp-p9qv-4j64
GMS-2023-1110
|