PT-2023-20601 · Pypi · Markdown-It-Py

Chris Sewell

+2

·

Publicado

2023-02-22

·

Atualizado

2026-06-03

·

CVE-2023-26303

CVSS v4.0

7.1

Alta

VetorAV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions markdown-it-py versions prior to 2.2.0
Description A denial of service could be caused if an attacker is allowed to force null assertions with specially crafted input.
Recommendations For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-173

Identificadores relacionados

CVE-2023-26303
GHSA-VRJV-MXR7-VJF8
OPENSUSE-SU-2024:12772-1
PYSEC-2023-24

Produtos afetados

Markdown-It-Py