CVE-2020-26307 HIGH

CVE-2020-26307: GHSL-2020-301: Regular Expression Denial of Service (ReDoS) in HTML2Markdown

Vendor Kates
Product html2markdown
Weakness CWE-1333
Published October 26, 2024
Last update October 28, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green

What the vulnerability does

01Description

HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

Key dates

02Disclosure timeline

October 26, 2024 CVE published
October 28, 2024 Record updated