Closed daissi closed 2 years ago
Hi, any news about this CVE? Kind regards, Andreas.
An attacker could craft a markdown table which would take an unreasonably long time to process...
We do not need a cve for that, in R everything takes an unreasonably long time to process :) But I'll update vendored cmark.
Hi,
cmark-gfm is affected by CVE-2020-5238 and consequently the R package is also affected.
Best, Dylan