CVE-2019-16215

Published: Sep 18, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/

x_refsource_CONFIRM

https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-16215

Description

Affected Products

References