VulnerableCode Vulnerability Details - VCID-6vcj-5faq-93e4

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6vcj-5faq-93e4

Essentials
Severities (4)
References (3)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6vcj-5faq-93e4
Aliases	GHSA-636f-xm5j-pj9m GMS-2023-123
Summary	Several quadratic complexity bugs may lead to denial of service in Commonmarker ## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c) * [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r) * [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr) * [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p) For more information, consult the release notes for version [`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7).
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-636f-xm5j-pj9m
generic_textual	MODERATE	https://github.com/gjtorikian/commonmarker
cvssv3.1_qr	MODERATE	https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-636f-xm5j-pj9m
generic_textual	MODERATE	https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-636f-xm5j-pj9m

Reference id	Reference type	URL
		https://github.com/gjtorikian/commonmarker
		https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-636f-xm5j-pj9m
GHSA-636f-xm5j-pj9m		https://github.com/advisories/GHSA-636f-xm5j-pj9m

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-12T03:51:51.679363+00:00	Ruby Importer	Import	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/commonmarker/GHSA-636f-xm5j-pj9m.yml	38.6.0