7 matches found
Fedora: Security Advisory (FEDORA-2023-f970cbb557)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : python-markdown-it-py (2023-c3fb6d6b8d)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c3fb6d6b8d advisory. Update to 2.2.0, includes the fix for CVE-2023-26302 Tenable has extracted the preceding description block directly from the Fedora security advisor...
a2grunnerp (>=0.1.0 <=0.1.8), apidriver (>=0.4.0 <=0.9.5) +73 more potentially affected by CVE-2023-26302 via markdown-it-py (>=0.4.6 <=2.1.0)
markdown-it-py PYPI version =0.4.6, =0.1.0, =0.4.0, =1.0.148, =1.1.13, =0.1.0, =0.0.1, =3.72.0, =2.2.0, =0.10.0, =2.2.0, =0.0.5, =0.0.13 - gamesdb-api =0.3.1 and more Source cves: CVE-2023-26302 Source advisory: OSV:GHSA-JRWR-5X3P-HVC3...
a2grunnerp (>=0.1.0 <=0.1.8), apidriver (>=0.4.0 <=0.9.5) +73 more potentially affected by CVE-2023-26302 via markdown-it-py (>=0.4.6 <=2.1.0)
markdown-it-py PYPI version =0.4.6, =0.1.0, =0.4.0, =1.0.148, =1.1.13, =0.1.0, =0.0.1, =3.72.0, =2.2.0, =0.10.0, =2.2.0, =0.0.5, =0.0.13 - gamesdb-api =0.3.1 and more Source cves: CVE-2023-26302 Source advisory: OSV:PYSEC-2023-23...
CVE-2023-26302 markdown-it-py CLI crash on invalid UTF-8 characters
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...
CVE-2023-26302
CVE-2023-26302 affects markdown-it-py prior to 2.2.0, where the command-line interface can experience a denial of service when fed invalid UTF-8 input. The connected Fedora advisories and Nessus/OpenVAS entries confirm the vulnerability in python-markdown-it-py and indicate that updates exist (2....
CVE-2023-26302
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...