Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 3 of 3 results


CVE-2022-34749

Medium priority
Needs evaluation

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

1 affected packages

mistune

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mistune Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2017-16876

Medium priority
Vulnerable

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

1 affected packages

mistune

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mistune Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2017-15612

Medium priority
Vulnerable

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.

1 affected packages

mistune

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mistune Not affected Not affected Not affected Not affected Vulnerable
Show less packages