-
Notifications
You must be signed in to change notification settings - Fork 55
/
PYSEC-2022-237.yaml
42 lines (42 loc) · 1.05 KB
/
PYSEC-2022-237.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
id: PYSEC-2022-237
details: In mistune through 2.0.2, support of inline markup is implemented by using
regular expressions that can involve a high amount of backtracking on certain edge
cases. This behavior is commonly named catastrophic backtracking.
affected:
- package:
name: mistune
ecosystem: PyPI
purl: pkg:pypi/mistune
ranges:
- type: GIT
repo: https://github.com/lepture/mistune
events:
- introduced: "0"
- fixed: a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
- type: ECOSYSTEM
events:
- introduced: "2.0.0a1"
- fixed: 2.0.3
versions:
- 2.0.0
- 2.0.0a1
- 2.0.0a2
- 2.0.0a3
- 2.0.0a4
- 2.0.0a5
- 2.0.0a6
- 2.0.0rc1
- 2.0.1
- 2.0.2
references:
- type: FIX
url: https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
- type: WEB
url: https://github.com/lepture/mistune/releases
- type: ADVISORY
url: https://github.com/advisories/GHSA-fw3v-x4f2-v673
aliases:
- CVE-2022-34749
- GHSA-fw3v-x4f2-v673
modified: "2022-07-26T03:40:40.758214Z"
published: "2022-07-25T23:15:00Z"