Filtered by vendor Mistune Project
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34749 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2024-11-21 | N/A | 7.5 HIGH |
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | |||||
CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | |||||
CVE-2017-15612 | 1 Mistune Project | 1 Mistune | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. |