Linux Distros Unpatched Vulnerability : CVE-2021-26813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can mak...
Linux Distros Unpatched Vulnerability : CVE-2020-11888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or...
Regular Expression Denial of Service (ReDoS)
Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the _sorta_html_tokenize_re regex used in the HTML tokenizer due to improperly constraining quoted attribute values (".*?"),...
aequitas (>=0.26.0 <=0.42.0), ai-parrot (>=0.5.0 <=0.10.0) +75 more potentially affected by unknown CVE via markdown2 (>=2.3.0 <=2.5.3)
markdown2 PYPI version >=2.3.0, >=0.26.0, >=0.5.0, >=0.0.1, >=0.0.1, >=2.0.4, >=0.39.0, >=0.1.0, >=0.0.465, >=0.0.45, >=0.5.29, >=0.1.1, >=0.1.0, >=0.1.2 - criscostack >=1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MARKDOWN2-11356593...
Cross-site Scripting (XSS)
Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) within the Markdown class in lib/markdown2.py, which insufficiently sanitizes attribute values. An attacker can exploit this by crafting...
aequitas (>=0.26.0 <=0.42.0), ai-parrot (>=0.5.0 <=0.10.0) +66 more potentially affected by unknown CVE via markdown2 (>=2.3.0 <=2.5.0)
markdown2 PYPI version >=2.3.0, >=0.26.0, >=0.5.0, >=0.0.1, >=0.0.1, >=2.0.4, >=0.39.0, >=0.1.0, >=0.0.465, >=0.0.45, >=0.5.29, >=0.1.1, >=0.1.0, >=0.1.2 - criscostack >=1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MARKDOWN2-8320939...
SUSE CVE-2018-5773
An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character...
SUSE CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
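Both XSS entries above (CVE-2018-5773 and CVE-2020-11888) share a root cause: a regex-based "safe mode" that only recognises a tag when its element name matches \w+ or when the tag is properly closed, and passes anything else through untouched. The defensive pattern a practitioner wants is to stop trusting the Markdown renderer's own escaping and to run its HTML output through an allowlist sanitizer that treats every unrecognised construct as text. The following is an added example written for this page, not code from python-markdown2 or from any of the advisories; it uses only the Python standard library, and the tag/attribute allowlist, the SAFE_URL_SCHEMES tuple and the test payloads are this example's own assumptions.

```python
import html
from html.parser import HTMLParser

# Assumed allowlist for this example: tags and attributes that rendered
# Markdown legitimately produces. Tune to your application.
ALLOWED_TAGS = {"p", "a", "img", "em", "strong", "code", "pre", "ul", "ol",
                "li", "blockquote", "h1", "h2", "h3", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
# Assumed set of URL prefixes permitted in href/src; rejects javascript:,
# data:, vbscript: and other scheme-based payloads.
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:", "/", "#")


class AllowlistSanitizer(HTMLParser):
    """Re-serialise an HTML fragment keeping only allowlisted markup.

    Unlike a regex safe mode that decides 'is this a tag?' with \\w+, the
    parser tokenises everything; anything that is not an allowlisted element
    (a mangled name such as 'elementname@', a <script>, an unterminated
    '<img ...' at end of input) is emitted as escaped text.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Escape the raw tag text instead of dropping it silently, so the
            # reader sees what was rejected and nothing becomes live markup.
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops on* event handlers, style, etc.
            value = value or ""
            if name in ("href", "src") and not (
                value.lower().lstrip().startswith(SAFE_URL_SCHEMES)
            ):
                continue  # drops javascript:/data: URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> is treated like <br>

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
        else:
            self.out.append(html.escape(f"</{tag}>"))

    def handle_data(self, data):
        # Text content is always re-escaped, including text recovered from
        # an unterminated tag at end of input.
        self.out.append(html.escape(data, quote=False))


def sanitize(fragment: str) -> str:
    """Return an allowlist-sanitized copy of an HTML fragment."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()  # flushes any buffered, incomplete tag as text
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed payloads modelled on the two advisories above.
    for payload in (
        "<elementname@ onclick=alert(1)>x</elementname@>",  # CVE-2020-11888 shape
        "<img src=x onerror=alert(1)",                      # CVE-2018-5773 shape
        '<a href="javascript:alert(1)" onclick="x">link</a>',
        '<p>1 &lt; 2 <img src="/ok.png" alt="ok"></p>',
    ):
        print(repr(payload), "->", repr(sanitize(payload)))
```

Apply sanitize() to the renderer's output rather than to the Markdown source: escaping before rendering breaks legitimate inline HTML, while escaping after rendering lets the renderer's own safe-mode bugs become irrelevant because nothing it emits reaches the browser unchecked.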
Regular Expression Denial of Service (ReDoS)
Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regex \[(?=\S).+?(?<=\S)\]. Exploiting this vulnerability will result in catastrophic backtracking...
PYSEC-2021-20
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...
UBUNTU-CVE-2021-26813
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...
OPENSUSE-SU-2020:0656-1 Security update for python-markdown2
This update for python-markdown2 fixes the following issues: - CVE-2020-11888: Fixed unsanitized input for cross-site scripting (boo#1171379) This update was imported from the openSUSE:Leap:15.1:Update update project...
DEBIAN-CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
aequitas (>=0.26.0 <=0.42.0), codalab (>=0.5.29 <=0.5.52) +13 more potentially affected by CVE-2018-5773 via markdown2 (>=2.3.0 <=2.3.5)
markdown2 PYPI version >=2.3.0, >=0.26.0, >=0.5.29, >=3.8.3, >=0.0.1, >=0.7.0a1, >=0.4.3, >=2.1.0, >=1.13.0, >=2.1.0, >=2.24.1, >=4.2.0, >=5.5.5 Source cves: CVE-2018-5773 Source advisory: OSV:GHSA-P6H9-GW49-RQM4...
GHSA-P6H9-GW49-RQM4 markdown2 is vulnerable to cross-site scripting
An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from...
PYSEC-2018-13
An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character...