markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
References
Configurations
History
21 Nov 2024, 05:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/trentm/python-markdown2/pull/387 - Exploit, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/ - |
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1333 |
Information
Published : 2021-03-03 16:15
Updated : 2024-11-21 05:56
NVD link : CVE-2021-26813
Mitre link : CVE-2021-26813
CVE.ORG link : CVE-2021-26813
JSON object : View
Products Affected
fedoraproject
- fedora
markdown2_project
- markdown2
CWE
CWE-1333
Inefficient Regular Expression Complexity