CVE-2026-48801المعلومات

الملخص

بحسب MITRE • 15/07/2026

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs unanchored regex searches on progressively shorter tails. Any service that synchronously renders untrusted Markdown with linkify:true on a request hot path can inherit a worker-process denial of service triggerable by a tens-of-KB request body. This issue is fixed in version 5.0.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!