FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-markdown2 -- regular expression denial of service vulnerability

Affected packages
py310-markdown2 < 2.4.0
py311-markdown2 < 2.4.0
py37-markdown2 < 2.4.0
py38-markdown2 < 2.4.0
py39-markdown2 < 2.4.0

Details

VuXML ID c9b3324f-8e03-4ae3-89ce-8098cdc5bfa9
Discovery 2021-03-03
Entry 2023-08-31

Ben Caller reports:

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability.

If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.

References

CVE Name CVE-2021-26813
URL https://osv.dev/vulnerability/GHSA-jr9p-r423-9m2r
URL https://osv.dev/vulnerability/PYSEC-2021-20
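
A version check for the range reported above (affected from 1.0.1.18, fixed in 2.4.0), as an added example that is not part of the VuXML entry or the markdown2 project. The function names and the sample requirements lines are constructed for illustration; it reports on the markdown2 visible to the running interpreter and on exact `==` pins in a requirements list.

```python
import re
from importlib import metadata

# Range as stated in the advisory: affected from 1.0.1.18, fixed in 2.4.0.
FIRST_AFFECTED = (1, 0, 1, 18)
FIRST_FIXED = (2, 4, 0, 0)
PIN = re.compile(r"^\s*markdown2\s*==\s*([^\s;#]+)", re.IGNORECASE)

def parse_version(text):
    """'2.3.10' -> (2, 3, 10, 0). Non-numeric versions (rc, post, dev) are rejected."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version format: {text!r}")
    nums = tuple(int(part) for part in text.split("."))
    return nums + (0,) * (4 - len(nums))

def is_affected(version):
    """True when the version lies in [1.0.1.18, 2.4.0)."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED

def affected_pins(lines):
    """Return (line_number, version) for exact markdown2 pins in the affected range."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = PIN.match(line)
        try:
            if match and is_affected(match.group(1)):
                hits.append((number, match.group(1)))
        except ValueError:
            # Unparseable pin: surface it for a manual look instead of guessing.
            hits.append((number, match.group(1) + " (check manually)"))
    return hits

def installed_status(dist="markdown2"):
    """Report whether the markdown2 visible to this interpreter is in range."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "markdown2 is not installed"
    try:
        verdict = "AFFECTED, upgrade to 2.4.0 or later" if is_affected(version) else "not in the affected range"
    except ValueError:
        verdict = "unrecognised version format, check manually"
    return f"markdown2 {version}: {verdict}"

# Constructed sample requirements lines, not taken from any real project.
SAMPLE_REQUIREMENTS = ["flask==2.0.1", "markdown2==2.3.10  # docs", "Markdown2 == 2.4.0", "markdown2==1.0.1.17"]
if __name__ == "__main__":
    print(installed_status())
    print(affected_pins(SAMPLE_REQUIREMENTS))
```

The pin scan only recognises exact `==` pins; range specifiers such as `>=` need a resolver to decide which version is actually installed.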