6 matches found
EUVD-2018-0089
Malware in sbrugna...
EUVD-2021-0118
Malware in sbrugna...
aequitas (>=0.26.0 <=0.42.0), askbot (=0.12.3) +29 more potentially affected by CVE-2021-26813 via markdown2 (>=2.3.0 <=2.3.9)
markdown2 PYPI version =2.3.0, =0.26.0, =0.39.0, =0.1.0, =0.5.29, =3.8.3, =0.0.1, =0.4.1, =0.0.1, =0.7.0a1, =0.7.0a2 - markb =0.2.6 - mnemocards =0.1.1 and more Source cves: CVE-2021-26813 Source advisory: OSV:GHSA-JR9P-R423-9M2R...
aequitas (>=0.26.0 <=0.42.0), askbot (=0.12.3) +29 more potentially affected by CVE-2021-26813 via markdown2 (>=2.3.0 <=2.3.9)
markdown2 PYPI version =2.3.0, =0.26.0, =0.39.0, =0.1.0, =0.5.29, =3.8.3, =0.0.1, =0.4.1, =0.0.1, =0.7.0a1, =0.7.0a2 - markb =0.2.6 - mnemocards =0.1.1 and more Source cves: CVE-2021-26813 Source advisory: OSV:PYSEC-2021-20...
CVE-2021-26813
markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...
CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...