GHSA-fw3v-x4f2-v673

Опубликовано: 26 июл. 2022

Источник: github

Github: Прошло ревью

CVSS4: 8.8

CVSS3: 8.6

Описание

Mistune vulnerable to catastrophic backtracking

In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Ссылки

Пакеты

Наименование

mistune

pip

Затронутые версииВерсия исправления

>= 2.0.0a1, < 2.0.3

2.0.3

EPSS

Процентиль: 66%

0.00518

Низкий

8.8 High

CVSS4

8.6 High

CVSS3

CVE ID

CVE-2022-34749

Дефекты

CWE-1333

Связанные уязвимости

CVE-2022-34749

CVSS3: 7.5

ubuntu

больше 3 лет назад

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

CVE-2022-34749

CVSS3: 7.5

redhat

больше 3 лет назад

CVE-2022-34749

CVSS3: 7.5

nvd

больше 3 лет назад

CVE-2022-34749

CVSS3: 7.5

msrc

больше 3 лет назад

In mistune through 2.0.2 support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

CVE-2022-34749

CVSS3: 7.5

debian

больше 3 лет назад

In mistune through 2.0.2, support of inline markup is implemented by u ...

EPSS

Процентиль: 66%

0.00518

Низкий

8.8 High

CVSS4

8.6 High

CVSS3

CVE ID

CVE-2022-34749

Дефекты

CWE-1333