Miggo Logo

CVE-2019-25103: Regular Expression Denial of Service in simple-markdown

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.12588%
Published
2/12/2023
Updated
10/20/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
simple-markdownnpm< 0.5.20.5.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the regex pattern used for inline code parsing in simple-markdown.js. The commit diff shows the vulnerable regex had \s* before/after the content capture group ([\s\S]?[^`]), creating ambiguity in space parsing. This ambiguity led to catastrophic backtracking (CWE-1333). The patch removes these \s quantifiers and adds post-processing for spaces, confirming the regex was the root cause. The function is clearly identified in the defaultRules.inlineCode.match property in simple-markdown.js.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility **s ***n *oun* in simpl*-m*rk*own *.*.* *n* *l*ssi*i** *s pro*l*m*ti*. *****t** *y t*is vuln*r**ility is *n unknown *un*tion*lity o* t** *il* simpl*-m*rk*own.js. T** m*nipul*tion l***s to in***i*i*nt r**ul*r *xpr*ssion *ompl*xity. T**

Reasoning

T** vuln*r**ility st*ms *rom t** r***x p*tt*rn us** *or inlin* *o** p*rsin* in simpl*-m*rk*own.js. T** *ommit *i** s*ows t** vuln*r**l* r***x *** \s* ***or*/**t*r t** *ont*nt **ptur* *roup ([\s\S]*?[^`]), *r**tin* *m*i*uity in sp*** p*rsin*. T*is *m*