CVE-2023-26303

Опубликовано: 23 фев. 2023

Источник: debian

EPSS Низкий

Описание

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

Пакет	Статус	Версия исправления	Релиз	Тип
markdown-it-py	fixed	2.1.0-5		package

https://github.com/advisories/GHSA-vrjv-mxr7-vjf8
https://github.com/executablebooks/markdown-it-py/pull/246
https://github.com/executablebooks/markdown-it-py/commit/ae03c6107dfa18e648f6fdd1280f5b89092d5d49 (v2.2.0)

EPSS

Процентиль: 7%

0.00026

Низкий

CVE-2023-26303

CVSS3: 3.3

ubuntu

почти 3 года назад

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

CVE-2023-26303

CVSS3: 5.5

redhat

почти 3 года назад

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

CVE-2023-26303

CVSS3: 3.3

nvd

почти 3 года назад

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

GHSA-vrjv-mxr7-vjf8

CVSS3: 5.5

github

почти 3 года назад

markdown-it-py Denial of Service vulnerability

EPSS

Процентиль: 7%

0.00026

Низкий