GHSA-fw3v-x4f2-v673: Mistune v2.0.2 vulnerable to catastrophic backtracking

In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Moderate severity · GitHub Reviewed · Published Jul 26, 2022 · Updated Jul 29, 2022

Package

mistune (pip)

Affected versions

< 2.0.3
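
A check against the affected range stated above, as an added example that is not part of the advisory or of the Mistune project: it flags exact pins of mistune below 2.0.3 in a requirements file. The sample requirements text and the function names are constructed for illustration; range specifiers such as `>=` are not evaluated, because the resolved version cannot be known from the file alone.

```python
import re

PACKAGE = "mistune"
FIXED = (2, 0, 3)  # first unaffected release; the advisory lists "< 2.0.3" as affected

# Requirement name, optional extras, then an exact pin ("==" or "===") and a version.
PIN_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*===?\s*([0-9][0-9A-Za-z.+-]*)"
)

def normalize(name):
    """PEP 503 name normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """Numeric release segment as a tuple padded to three fields.
    Simplification: epochs are not handled and pre/post/dev suffixes are
    ignored, so '2.0.3rc1' is read as 2.0.3."""
    parts = [int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def find_affected(requirements_text):
    """Return (line_number, pinned_version) for each exact mistune pin below 2.0.3."""
    hits = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = PIN_RE.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        if release_tuple(m.group(2)) < FIXED:
            hits.append((lineno, m.group(2)))
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample
flask==2.1.2
Mistune==2.0.2
mistune==0.8.4  # legacy pin
mistune==2.0.3; python_version >= "3.7"
mistune>=2.0.0
"""

if __name__ == "__main__":
    for lineno, version in find_affected(SAMPLE):
        print(f"line {lineno}: {PACKAGE}=={version} is in the affected range (< 2.0.3)")
```
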

Related news

CVE-2022-34749: Fix asteris emphasis regex CVE-2022-34749 · lepture/mistune@a6d4321