CVE-2023-26302: 🐛 FIX: CLI crash on non-utf8 character (#247) · executablebooks/markdown-it-py@53ca3e9
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.
executablebooks / markdown-it-py Public
🐛 FIX: CLI crash on non-utf8 character (#247)
Addresses CVE-2023-26302
chrisjsewell committed Feb 22, 2023
1 parent 6491bc2 commit 53ca3e9
Showing 2 changed files with 8 additions and 1 deletion.
- parse.py
- test_cli.py
2 markdown_it/cli/parse.py
@@ -35,7 +35,7 @@ def convert_file(filename: str) -> None:
Parse a Markdown file and dump the output to stdout.
“"”
try:
with open(filename, “r”) as fin:
with open(filename, “r", encoding="utf8", errors="ignore”) as fin:
rendered = MarkdownIt().render(fin.read())
print(rendered, end="")
except OSError:
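Review bot: In the changed `open(...)` call, `errors="ignore"` silently drops every undecodable byte, so the rendered output can differ from the file on disk with no indication to the user, and the text on either side of a dropped byte is joined together. Consider `errors="replace"` (or `errors="backslashreplace"`) so the position of the bad input stays visible in the output, or print a warning to stderr when the file does not decode cleanly. The explicit `encoding="utf8"` is a good change on its own, since the read no longer depends on the locale's default encoding. The trailing `except OSError:` would not catch a decode error; with this error handler decoding no longer raises, but a short comment saying so would help the next reader.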
7 tests/test_cli.py
@@ -20,6 +20,13 @@ def test_parse_fail():
assert exc_info.value.code == 1
def test_non_utf8():
with tempfile.TemporaryDirectory() as tempdir:
path = pathlib.Path(tempdir).joinpath(“test.md”)
path.write_bytes(b"\x80abc")
assert parse.main([str(path)]) == 0
def test_print_heading():
with patch(“builtins.print”) as patched:
parse.print_heading()
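Review bot: `test_non_utf8` asserts only that `parse.main([str(path)])` returns 0, so it would still pass if the valid part of the file were lost during decoding. Patch `builtins.print` the way `test_print_heading` does and assert that the rendered output contains `abc`. The input `b"\x80abc"` covers only a stray byte at the start of the file; a second case with an invalid byte in the middle of a line, or a truncated multi-byte sequence at the end, would pin down the behaviour of the `errors=` handler chosen in `convert_file`.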