CVE-2024-1899 (Medium) detected in showdown-1.9.1.tgz #323

mend-for-github-com · 2024-03-05T21:11:50Z

CVE-2024-1899 - Medium Severity Vulnerability

Vulnerable Library - showdown-1.9.1.tgz

A Markdown to HTML converter written in Javascript

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

Found in base branch: main

Vulnerability Details

An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.

Publish Date: 2024-02-26

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Mar 5, 2024

github-actions bot added the untriaged label Mar 5, 2024

Swiddis self-assigned this Mar 26, 2024

Swiddis removed the untriaged label Mar 26, 2024

Swiddis mentioned this issue Mar 28, 2024

Update showdown.js #334

Merged

6 tasks

joshuali925 closed this as completed in #334 Apr 12, 2024