Search CVE reports
CVE-2021-26813
Medium priority
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
1 affected package
python-markdown2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-markdown2 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2020-11888
Medium priority
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
1 affected package
python-markdown2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-markdown2 | Not affected | Not affected | Needs evaluation | Not in release | Not in release |