Search CVE reports


Toggle filters

1 – 2 of 2 results


CVE-2021-26813

Medium priority
Needs evaluation

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.

1 affected package

python-markdown2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-markdown2 Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
Show less packages

CVE-2020-11888

Medium priority
Needs evaluation

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.

1 affected package

python-markdown2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-markdown2 Not affected Not affected Needs evaluation Not in release Not in release
Show less packages