Inefficient regular expression complexity in markdown-it - CVE-2022-21670
Published: January 8, 2022 / Updated: April 24, 2026
markdown-it
Description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to inefficient regular expression complexity in the newline rule when parsing specially crafted markdown input. A remote attacker can send such input to cause a denial of service.
Inputs containing special patterns with lengths greater than 50,000 characters can significantly slow down the parser.
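A stop-gap for services that render untrusted markdown, shown as an added example (not code from this advisory or from markdown-it): reject input above the 50,000-character figure quoted above before the parser runs, and flag slow renders for monitoring. The names `guardedRender`, `render`, `slowMs` and `now` are assumptions; `render` stands for whatever wraps the parser call, and the guard does not fix the parser itself.

```javascript
// Added example: pre-parse guard for untrusted markdown input.
// MAX_CHARS is the length quoted in the advisory text; slowMs is a
// constructed alerting threshold, tune it to your own latency baseline.
const MAX_CHARS = 50000;

// src:    untrusted markdown
// render: function (string) => string wrapping the parser call (assumed)
// opts:   { maxChars, slowMs, now } where now() returns milliseconds and is
//         injectable so the timing check can be tested deterministically
function guardedRender(src, render, opts = {}) {
  const maxChars = opts.maxChars ?? MAX_CHARS;
  const slowMs = opts.slowMs ?? 250;
  const now = opts.now ?? (() => Date.now());

  if (typeof src !== 'string') {
    return { ok: false, reason: 'not-a-string' };
  }

  // The regex cost is paid inside the parser, so the length check must
  // happen before the parser is called, not after.
  if (src.length > maxChars) {
    return { ok: false, reason: 'too-long', length: src.length };
  }

  const start = now();
  const html = render(src);
  const elapsedMs = now() - start;

  // A render that exceeds slowMs on capped input is worth logging:
  // it can point at an input pattern the length cap alone did not stop.
  return { ok: true, html, elapsedMs, slow: elapsedMs > slowMs };
}
```

With markdown-it the call would look like `guardedRender(body, (s) => md.render(s))`, where `md` is the application's parser instance.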