PYSEC-2022-237 — Vulnetix

PYSEC-2022-237 PUBLISHED

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Affected Products

Vendor	Product	Versions
PyPI	mistune	0, 2.0.0a1, 2.0.0

Timeline

Jul 25, 2022 CVE Published
Nov 8, 2023 CVE Updated

References

https://github.com/lepture/mistune/releases url
https://github.com/advisories/GHSA-fw3v-x4f2-v673 advisory
https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2 fix

Open in Interactive Console →