mdex_native is vulnerable to Unbounded memory allocation
69
Medium Risk
mdex_native allows unbounded memory allocation when rendering Markdown that contains a fenced code block with an oversized highlight_lines range in its info string. The native adapter (LumisAdapter::parse_highlight_lines in lumis_adapter.rs) eagerly expands the attacker-controlled inclusive line range into a Vec<usize> with no upper bound, allocating roughly 8 bytes per line.
You are affected if you are using a version that falls within the vulnerable range.
mdex_native is vulnerable to Unbounded memory allocation in versions 0.1.0 - 0.2.2.
Upgrade the mdex_native library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant