mdex is vulnerable to Unbounded memory allocation
69
Medium Risk
mdex allows unbounded memory allocation when rendering Markdown that contains a fenced code block with an oversized highlight_lines range in its info string. The native adapter (LumisAdapter::parse_highlight_lines in lumis_adapter.rs) eagerly expands the attacker-controlled inclusive line range into a Vec<usize> with no upper bound, allocating roughly 8 bytes per line.
You are affected if you are using a version that falls within the vulnerable range.
mdex is vulnerable to Unbounded memory allocation in versions 0.11.0 - 0.12.2.
Upgrade the mdex library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant