CVE-2022-34749: Fix asterisk emphasis regex CVE-2022-34749 · lepture/mistune@a6d4321

In mistune through 2.0.2, inline markup (emphasis, links and similar constructs) is parsed with regular expressions that can backtrack heavily on certain crafted inputs, so that matching time grows exponentially with input length. This behavior is commonly named catastrophic backtracking (regular expression denial of service, ReDoS).
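The following is an added example, not mistune's code or the pattern touched by the fix: it contrasts a hypothetical emphasis regex in the style of regex-based inline parsers, whose nested quantifier backtracks exponentially on an unclosed `*` followed by a long run of ordinary characters, with an equivalent unrolled pattern that accepts the same strings in linear time. The pattern names, the sample paragraph and the adversarial input are all constructed for this illustration.

```python
import re
import time

# Hypothetical emphasis pattern (constructed for illustration; NOT mistune's
# actual regex). The inner `[^*]+` is itself repeated by the outer `+`, so a
# run of n non-star characters can be split between iterations in 2^(n-1)
# ways. When no closing `*` exists, the engine tries every split before it
# gives up: catastrophic backtracking.
VULNERABLE_EM = re.compile(r'\*((?:[^*]+|\*\*)+)\*')

# Same language, unrolled: each iteration consumes exactly one non-star
# character or exactly one `**`, and the two branches are disjoint on their
# first character, so there is only one way to consume any input. On failure
# the engine merely unwinds the iterations once: linear time.
SAFE_EM = re.compile(r'\*((?:[^*]|\*\*)+)\*')


def find_emphasis(pattern, text):
    """Return the contents of every emphasis span `pattern` finds in `text`."""
    return [m.group(1) for m in pattern.finditer(text)]


def adversarial_input(n):
    """An opening '*' followed by n plain characters and no closing '*'."""
    return "*" + "a" * n


def time_search(pattern, text):
    """Return (matched, seconds) for a single search of `pattern` over `text`."""
    start = time.perf_counter()
    matched = pattern.search(text) is not None
    return matched, time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample: nested strong inside emphasis, as in the dropped fixtures.
    sample = "plain *em* and *foo **strong** `#`* done"
    print("nested quantifier:", find_emphasis(VULNERABLE_EM, sample))
    print("unrolled pattern: ", find_emphasis(SAFE_EM, sample))

    # Doubling n roughly doubles the vulnerable pattern's time; the unrolled
    # pattern stays flat. Kept small so the demo finishes in well under a second.
    for n in range(10, 19, 2):
        _, slow = time_search(VULNERABLE_EM, adversarial_input(n))
        _, fast = time_search(SAFE_EM, adversarial_input(n))
        print(f"n={n:2d}  nested quantifier: {slow:8.4f}s   unrolled: {fast:8.6f}s")
```

Both patterns agree on well-formed input, which is the property to check before shipping such a rewrite; the difference only shows on input the author never wrote tests for. Python's `re` offers no matching timeout, so the practical defenses are rewriting the pattern so that no two loop iterations can consume the same characters (as above), bounding input length before matching, or moving to a delimiter-stack parser as CommonMark specifies.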


@@ -12,12 +12,6 @@ <p>[link [foo [bar]]](/uri)</p> ````````````````````````````````
```````````````````````````````` example [link *foo **bar** `#`*](/uri) . <p><a href="/uri">link *foo <strong>bar</strong> <code>#</code>*</a></p> ````````````````````````````````
```````````````````````````````` example [foo [bar](/uri)](/uri) . @@ -48,14 +42,6 @@ <p><a href="uri">foo<http://example.com/?search=</a>></p> ````````````````````````````````
```````````````````````````````` example [link *foo **bar** `#`*][ref]
[ref]: /uri . <p><a href="/uri">link *foo <strong>bar</strong> <code>#</code>*</a></p> ````````````````````````````````
```````````````````````````````` example [foo [bar](/uri)][ref]
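Review bot: both hunk headers (`@@ -12,12 +12,6 @@` and `@@ -48,14 +42,6 @@`) record net deletions from the fixture file, and the only example lines visible in them are the conformance cases for emphasis nested inside link text, `[link *foo **bar** `#`*](/uri)` and its `[ref]` reference-link variant with their expected `<a href="/uri">link *foo <strong>bar</strong> <code>#</code>*</a>` output. Dropping fixtures in the same change that rewrites the emphasis regex hides a behavior change behind a performance fix; the commit title ("Fix asterisk emphasis regex") does not say these cases no longer hold. Keep the examples with their new expected output, or state in the commit message which inputs now render differently and why. Separately, nothing in the visible hunks adds a regression test for the reported problem itself; a fixture with an unclosed `*` followed by a long run of ordinary characters, run under a time bound, would pin the fix.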

Related news

GHSA-fw3v-x4f2-v673: Mistune v2.0.2 vulnerable to catastrophic backtracking

In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
