CVE-2019-16215

Publication date

2019-09-18 11:07:00

Family

mitre

State

PUBLISHED

Description

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.