Search CVE reports
1 – 3 of 3 results
CVE-2022-34749
Medium priorityIn mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
1 affected packages
mistune
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mistune | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2017-16876
Medium priorityCross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
1 affected packages
mistune
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mistune | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2017-15612
Medium prioritymistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
1 affected packages
mistune
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mistune | Not affected | Not affected | Not affected | Not affected | Vulnerable |