Moderate severity vulnerability that affects markdown2

2018-07-12T20:29:21
ID GHSA-P6H9-GW49-RQM4
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:01

Description

An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.