PYSEC-2021-20
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/markdown2/PYSEC-2021-20.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2021-20
- Aliases
- Published
- 2021-03-03T16:15:00Z
- Modified
- 2023-11-08T04:05:22.342158Z
- Summary
- [none]
- Details
-
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
- References
-
- https://github.com/trentm/python-markdown2/pull/387
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/
- https://github.com/advisories/GHSA-jr9p-r423-9m2r
Affected packages
PyPI / markdown2
Package
- Name
- markdown2
- View open source insights on deps.dev
- Purl
- pkg:pypi/markdown2