CVE-2023-26303

Опубликовано: 23 фев. 2023

Источник: redhat

CVSS3: 5.5

Описание

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

A denial of service vulnerability exists in markdown-it-py.An attacker could craft a payload with null assertations as input resulting in a crash and availability of the component

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ansible Automation Platform 2	ansible-lint	Affected
Red Hat Ansible Automation Platform 2	ansible-navigator	Affected
Red Hat Ansible Automation Platform 2	python3x-ansible-compat	Affected
Red Hat Ansible Automation Platform 2	python-ansible-compat	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2175704markdown-it-py: Denial of service by forcing null assertions with specially crafted input

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-26303

CVSS3: 3.3

ubuntu

почти 3 года назад

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

CVE-2023-26303

CVSS3: 3.3

nvd

почти 3 года назад

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

CVE-2023-26303

CVSS3: 3.3

debian

почти 3 года назад

Denial of service could be caused to markdown-it-py, before v2.2.0, if ...

GHSA-vrjv-mxr7-vjf8

CVSS3: 5.5

github

почти 3 года назад

markdown-it-py Denial of Service vulnerability

5.5 Medium

CVSS3