Vulnerability details: VCID-76q8-unpg-ryas
Vulnerability ID VCID-76q8-unpg-ryas
Aliases GHSA-48wp-p9qv-4j64
GMS-2023-1110
Summary Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service

## Impact

Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed:

* CVE-2023-24824
* CVE-2023-26485

For more information, consult the release notes for versions 0.23.0.gfm.10 and 0.23.0.gfm.11.

## Mitigation

Users are advised to upgrade to commonmarker version 0.23.9.

Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
No exploits are available.

No EPSS data available for this vulnerability.

Date | Actor | Action | Source | VulnerableCode Version
2026-06-12T03:51:51.661930+00:00 | Ruby Importer | Import | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/commonmarker/GHSA-48wp-p9qv-4j64.yml | 38.6.0