PYSEC-2022-237

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/mistune/PYSEC-2022-237.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2022-237

Aliases

Published

2022-07-25T23:15:00Z

Modified

2023-11-01T04:59:17.278752Z

Summary

[none]

Details

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

References

Affected packages

PyPI / mistune

Package

Name: mistune; View open source insights on deps.dev
Purl: pkg:pypi/mistune

Affected ranges

Type: GIT
Repo: https://github.com/lepture/mistune
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a6d43215132fe4f3d93f8d7e90ba83b16a0838b2

Type: ECOSYSTEM
Events: Introduced

2.0.0a1

Fixed

2.0.3

Affected versions

2.*

2.0.0a1

2.0.0a2

2.0.0a3

2.0.0a4

2.0.0a5

2.0.0a6

2.0.0rc1

2.0.0

2.0.1

2.0.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/mistune/PYSEC-2022-237.yaml"