GHSA-4xf9-pgvv-xx67: Duplicate Advisory: Regular Expression Denial of Service in simple-markdown

September 3, 2020 (updated February 3, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-gpvj-gp8c-c7p2. This link is maintained to preserve external references.

Original Description

Versions of simple-markdown prior to 0.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS). The SimpleMarkdown.defaultInlineParse() function has significantly degraded performance when parsing inline code blocks.

Recommendation

Upgrade to version 0.5.2 or later.

References

github.com/Khan/simple-markdown
github.com/Khan/simple-markdown/issues/71
github.com/advisories/GHSA-4xf9-pgvv-xx67
github.com/ariabuckles/simple-markdown/commit/89797fef9abb4cab2fb76a335968266a92588816
snyk.io/vuln/SNYK-JS-SIMPLEMARKDOWN-460540

Code Behaviors & Features

Detect and mitigate GHSA-4xf9-pgvv-xx67 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →