r-lib / commonmark

High Performance CommonMark and GitHub Markdown Rendering in R
https://docs.ropensci.org/commonmark/

CVE-2020-5238 #13

Closed (daissi closed 2 years ago)

daissi commented 4 years ago

Hi,

cmark-gfm is affected by CVE-2020-5238 and consequently the R package is also affected.

Best, Dylan

tillea commented 2 years ago

Hi, any news about this CVE? Kind regards, Andreas.

jeroen commented 2 years ago

An attacker could craft a markdown table which would take an unreasonably long time to process...

We do not need a CVE for that, in R everything takes an unreasonably long time to process :) But I'll update vendored cmark.