CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25103 – simple-markdown simple-markdown.js redos
https://notcve.org/view.php?id=CVE-2019-25103
A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. • https://github.com/ariabuckles/simple-markdown/commit/89797fef9abb4cab2fb76a335968266a92588816 https://github.com/ariabuckles/simple-markdown/releases/tag/0.5.2 https://vuldb.com/?ctiid.220639 https://vuldb.com/?id.220639 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25102 – simple-markdown simple-markdown.js redos
https://notcve.org/view.php?id=CVE-2019-25102
A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ariabuckles/simple-markdown/commit/015a719bf5cdc561feea05500ecb3274ef609cd2 https://github.com/ariabuckles/simple-markdown/pull/73 https://github.com/ariabuckles/simple-markdown/releases/tag/0.6.1 https://vuldb.com/?ctiid.220638 https://vuldb.com/?id.220638 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-9844
https://notcve.org/view.php?id=CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. simple-markdown.js en Khan Academy simple-markdown versiones anteriores a 0.4.4 permite XSS vía data: o vbscript: URI. • https://github.com/ossf-cve-benchmark/CVE-2019-9844 https://github.com/Khan/simple-markdown/pull/63 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFLP3KJVSV5VWMNEBRXLGRVYFXOV5KOG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZG2I7VH7WLSEUQ77KYP5CRAVFT2RK2U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5EFW655O3BXZYAPB65XEREXB2DSNSOT https://www.npmjs.com/package/simple-markdown/v/0.4.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •