Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mistune
(Mistune_project)| Repositories | https://github.com/lepture/mistune |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-29 | CVE-2017-16876 | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | Fedora, Mistune | 6.1 | ||
| 2022-07-25 | CVE-2022-34749 | In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | Fedora, Mistune | 7.5 | ||
| 2017-10-19 | CVE-2017-15612 | mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | Mistune | 6.1 |