Key Information Summary

Vulnerability Type
ReDoS Vulnerability (Regular Expression Denial of Service)

Vulnerability Location
Two rules in the file:
1. Blockquote Rule
2. List Item Rule

Vulnerability Details
Blockquote Rule
- Code Snippet:
- Problematic Part:
- Proof of Concept:
List Item Rule
- Code Snippet:
- Problematic Part:
- Proof of Concept:

Vulnerability Cause
Use of greedy quantifier combined with anchor , leading to catastrophic backtracking when processing specific strings.

Proposed Fix
For :
- Split the replacement logic into two steps: one regex for non-vulnerable leading newlines, and a safe trimming logic for trailing newlines.
- Example code shown in screenshot.
For :
- Apply similar logic to safely replace trailing newlines with a single newline.
- Example code shown in screenshot.

Related CVE
CVE-2025-9670
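
The two-step approach described under Proposed Fix, sketched as an added example (not the project's code and not the code from the screenshots): leading newlines are removed with a start-anchored regex, and trailing newlines are handled by a single backward scan that cannot backtrack. The pattern `/\n+$/` and all function names are assumptions chosen to match the description of a greedy quantifier combined with an end anchor.

```javascript
// Added illustration; the regexes are assumed stand-ins, not the project's code.
// Assumed vulnerable shape: a greedy newline run followed by an end anchor.
const ASSUMED_TRAILING = /\n+$/;

// Leading newlines: a start-anchored pattern fails immediately away from
// index 0, so a regex is safe here.
function stripLeadingNewlines(s) {
  return s.replace(/^\n+/, '');
}

// Trailing newlines: scan backwards from the end, one pass, no backtracking.
// Returns the index where the trailing newline run begins.
function trailingNewlineStart(s) {
  let end = s.length;
  while (end > 0 && s.charCodeAt(end - 1) === 10) end--;
  return end;
}

// Blockquote-style trim: drop leading and trailing newlines.
function trimNewlines(s) {
  const t = stripLeadingNewlines(s);
  return t.slice(0, trailingNewlineStart(t));
}

// List-item-style trim: collapse any trailing newline run to one newline.
function collapseTrailingNewlines(s) {
  const end = trailingNewlineStart(s);
  return end === s.length ? s : s.slice(0, end) + '\n';
}

// Constructed inputs, including interior newline runs that must be left alone.
const SAMPLES = ['', '\n', '\n\nquote\n\n', 'a\n\n\nb', 'item\n\n\n', '\n\na\n\nb\n'];

// Confirm the loop-based versions match the assumed regex behaviour.
function matchesRegexBehaviour() {
  return SAMPLES.every((s) =>
    trimNewlines(s) === s.replace(/^\n+/, '').replace(ASSUMED_TRAILING, '') &&
    collapseTrailingNewlines(s) === s.replace(ASSUMED_TRAILING, '\n'));
}

console.log(matchesRegexBehaviour());
```

The backward scan does work proportional to the length of the trailing newline run only, so interior newline runs add no cost.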