CVE-2019-12041
HIGH7.5EPSS 0.40%Regular Expression Denial of Service in remarkable
Published: 6/6/2019Modified: 4/22/2024
Also known as:GHSA-q22g-8fr4-qpj4
Description
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.
Affected packages (1)
- npm/remarkablefrom 0, < 1.7.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-12041
- WEBhttps://github.com/jonschlinkert/remarkable/commit/287dfbf22e70790c8b709ae37a5be0523597673c
- WEBhttps://github.com/jonschlinkert/remarkable/issues/331
- WEBhttps://github.com/jonschlinkert/remarkable/pull/335#issuecomment-515958379
- WEBhttps://snyk.io/vuln/SNYK-JS-REMARKABLE-174639