4 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. markdown2 versiones anteriores a 1.0.1.18, corregido en 2.4.0, está afectado por una vulnerabilidad de denegación de servicio de expresión regular. Si un atacante proporciona una cadena maliciosa, puede dificultar el procesamiento de Markdown2 o retrasarlo durante un período de tiempo prolongado • https://github.com/trentm/python-markdown2/pull/387 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. python-markdown2 versiones hasta 2.3.8, permite un ataque de tipo XSS porque los nombres de los elementos se manejan inapropiadamente a menos que una coincidencia de \w+ tenga éxito. Por ejemplo, un ataque podría usar elementname@ o elementname- con un atributo onclick. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00035.html https://github.com/trentm/python-markdown2/issues/348 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XOAIRJJCZNJUALXDHSIGH5PS2H63A3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQLRBGRVRRZK7P5SFL2MNGXFX37YHJAV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. python-markdown2 versiones anteriores a la versión 1.0.1.14, tiene múltiples problemas de tipo cross-site scripting (XSS) . • https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000 https://www.openwall.com/lists/oss-security/2009/10/29/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag. Se ha descubierto un problema en markdown2 (también conocido como python-markdown2) hasta la versión 2.3.5. La característica safe_mode, que se supone que sanear entradas contra XSS, tiene errores y no escapa las entradas correctamente. • https://github.com/trentm/python-markdown2/issues/285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •