Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2022-34749
- EPSS 0.52%
- Published 25.07.2022 23:15:07
- Last modified 21.11.2024 07:10:06
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
6.1
CVE-2017-16876
- EPSS 0.58%
- Published 29.12.2017 15:29:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
6.1
CVE-2017-15612
- EPSS 0.22%
- Published 19.10.2017 08:29:00
- Last modified 20.04.2025 01:37:25
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
1