PT-2026-56510 · Pypi · Mistune
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-59925
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mistune versions prior to 3.3.0
Description
A denial of service issue exists in the default parsing process. Long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in
src/mistune/inline parser.py because the parser scans forward for matching close markers from every potential opening run.Recommendations
Update to version 3.3.0.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mistune