CVE-2021-43308
Regular expression denial of service in markdown-link-extractor
EPSS 0.35%
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module's exported function.
How to fix CVE-2021-43308
To remediate CVE-2021-43308, upgrade the affected package to the fixed version listed below.
- npm/markdown-link-extractor—upgrade to 3.0.2 or later
Is CVE-2021-43308 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/markdown-link-extractor: from 0, < 3.0.2