CVE-2021-43308: 
JavaScript vulnerability analysis and mitigation

An exponential ReDoS (Regular Expression Denial of Service) vulnerability was identified in the markdown-link-extractor npm package, tracked as CVE-2021-43308. The vulnerability was discovered by Denys Vozniuk of the JFrog Security Research Team and published on May 30, 2022. This vulnerability affects markdown-link-extractor versions up to 3.0.1 and version 4.0.0 (JFrog Research).

The vulnerability is classified as CWE-1333 (Inefficient Regular Expression Complexity) with a CVSS v3.1 base score of 7.5 (HIGH) according to NIST, while JFrog assessed it with a CVSS score of 5.9 (MEDIUM). The vulnerability occurs when an attacker can supply arbitrary input to the module's exported function, potentially triggering an exponential Regular Expression Denial of Service condition (NVD).

When successfully exploited, this vulnerability can lead to a denial of service condition, affecting the availability of systems using the vulnerable versions of the markdown-link-extractor package. The impact primarily affects the system's availability, with no direct effect on confidentiality or integrity (NVD).

The vulnerability has been fixed in versions 3.0.2 and 4.0.1 of the markdown-link-extractor package. Users should upgrade to these or later versions to mitigate the vulnerability. No alternative mitigations are available for this issue (JFrog Research).