The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
{
"cwe_ids": [
"CWE-1333"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6069.json",
"cna_assigner": "PSF"
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.10.19"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.14"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.12"
},
{
"introduced": "3.13.0"
},
{
"fixed": "3.13.6"
},
{
"introduced": "3.14.0a1"
},
{
"fixed": "3.14.0b3"
}
]
}