289 matches found
mistune 安全漏洞
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune from 3.0.0a1 to 3.2.0 contain security vulnerabilities. These vulnerabilities stem from a denial-of-service attack involving regular expressions in LINKTITLERE, which could allow attackers to...
PT-2026-38088
Name of the Vulnerable Software and Affected Versions Mistune versions 3.0.0a1 through 3.2.0 Description A Regular Expression Denial of Service ReDoS exists in the LINK TITLE RE regular expression. An attacker can provide specially crafted Markdown for parsing that triggers catastrophic...
PT-2026-38261
Name of the Vulnerable Software and Affected Versions mistune versions prior to 3.2.1 Description A Denial-of-Service DoS issue exists in the Mistune Markdown parser. Processing specially crafted reference links can cause excessive backtracking and parsing loops within the parse link title functi...
mistune: catastrophic backtracking
A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...
mistune: catastrophic backtracking
A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...
EUVD-2017-0075
Malware in sbrugna...
EUVD-2017-0074
Malware in sbrugna...
EUVD-2022-0155
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-16876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HT...
Linux Distros Unpatched Vulnerability : CVE-2017-15612
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink...
Linux Distros Unpatched Vulnerability : CVE-2022-34749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge...
Fedora 37 : python-m2r / python-mistune / python-mistune08 / etc (2022-e4f5866111)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-e4f5866111 advisory. - updates mistune to 2.0.4 - m2r updated to pin dependency to mistune 2 - new package: python-mistune08 compatibility package, to be used by dependents that...
OPENSUSE-SU-2024:14148-1 python310-mistune-3.0.2-2.5 on GA media
These are all security issues fixed in the python310-mistune-3.0.2-2.5 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12350-1 python310-mistune-2.0.4-1.1 on GA media
These are all security issues fixed in the python310-mistune-2.0.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11239-1 python36-mistune-0.8.4-3.5 on GA media
These are all security issues fixed in the python36-mistune-0.8.4-3.5 package on the GA media of openSUSE Tumbleweed...
CVE-2022-34749
A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...
SUSE CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
SUSE CVE-2017-16876
Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...
SUSE CVE-2022-34749
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...
Fedora: Security Advisory for python-mistune (FEDORA-2022-e4f5866111)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...