Cattown Markdown Parser Inefficient Regular Expression Complexity and Resource Exhaustion Vulnerability
Vulnerability
A vulnerability exists in Cattown, a JavaScript markdown parser, in versions prior to 1.0.2. The issue arises from the use of regular expressions with inefficient, potentially exponential worst-case complexity. This can lead to excessive CPU usage due to backtracking on crafted inputs, causing resource exhaustion that may result in a denial-of-service condition. Additionally, the vulnerability can bypass certain protection mechanisms, leading to unexpected or insecure behavior.
Impact
The vulnerability can be exploited to cause high CPU or memory usage, leading to resource exhaustion and denial-of-service conditions.
Remediation
Users are advised to upgrade to Cattown version 1.0.2 or later. After upgrading, it is recommended to review and restrict input sources if untrusted inputs are processed.
