5.5
CVE-2023-26303
- EPSS 0.15%
- Published 23.02.2023 00:15:11
- Last modified 25.02.2026 17:19:19
- Source security@ubuntu.com
Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.
Data is provided by the National Vulnerability Database (NVD)
Executablebooks ≫ Markdown-it-py Version < 2.2.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.353 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| security@ubuntu.com | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
CWE-173 Improper Handling of Alternate Encoding
The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.