Vulnerabilities (CVE)

Filtered by vendor Mistune Project Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34749 2 Fedoraproject, Mistune Project 2 Fedora, Mistune 2024-11-21 N/A 7.5 HIGH
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
CVE-2017-16876 2 Fedoraproject, Mistune Project 2 Fedora, Mistune 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
CVE-2017-15612 1 Mistune Project 1 Mistune 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.