The Markdown parser in Zulip server... CVE-2019-16215

4.0 AV AC AU C I A
发布: 2019-09-11
修订: 2020-09-29

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.