Vitaly Puzrin

3 exploits Active since Jun 2017
CVE-2026-2327 MEDIUM WRITEUP
markdown-it <14.1.1 - DoS
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.
CVSS 5.3
CVE-2015-3295 MEDIUM WRITEUP
markdown-it <4.1.0 - Open Redirect
markdown-it before 4.1.0 does not block data: URLs.
CVSS 5.3
CVE-2022-21670 MEDIUM WRITEUP
markdown-it <1.3.2 - Info Disclosure
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.
CVSS 5.3