GHSA-7mpr-5m44-h73r

Опубликовано: 27 апр. 2025

Источник: github

Github: Прошло ревью

CVSS3: 2.9

Описание

markdownify allows large headline prefixes such as , which causes memory consumption

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

through

. This causes memory consumption.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-46656
https://github.com/matthewwithanm/python-markdownify/issues/143
https://github.com/matthewwithanm/python-markdownify/commit/959561879693bf4a576f99c6733b50b01186aa08
https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1

Пакеты

Наименование

markdownify

pip

Затронутые версииВерсия исправления

< 0.14.1

0.14.1

EPSS

Процентиль: 9%

0.00032

Низкий

2.9 Low

CVSS3

CVE ID

CVE-2025-46656

Дефекты

CWE-1284

Связанные уязвимости

CVE-2025-46656

CVSS3: 2.9

nvd

10 месяцев назад

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

EPSS

Процентиль: 9%

0.00032

Низкий

2.9 Low

CVSS3

CVE ID

CVE-2025-46656

Дефекты

CWE-1284