Untriaged
Permalink
CVE-2023-26303
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
markdown-it-py crash on null assertions
Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.
References
- https://github.com/executablebooks/markdown-it-py/commit/ae03c6107dfa18e648f6fd… patch
- https://github.com/executablebooks/markdown-it-py/commit/ae03c6107dfa18e648f6fd… patch x_transferred
- https://github.com/executablebooks/markdown-it-py/commit/ae03c6107dfa18e648f6fd… patch
- https://github.com/executablebooks/markdown-it-py/commit/ae03c6107dfa18e648f6fd… patch x_transferred
Affected products
markdown-it-py
- <v2.2.0
Matching in nixpkgs
pkgs.python312Packages.markdown-it-py
Markdown parser in Python
-
nixos-unstable -
- nixpkgs-unstable 3.0.0
pkgs.python313Packages.markdown-it-py
Markdown parser in Python
-
nixos-unstable -
- nixpkgs-unstable 3.0.0
Package maintainers
-
@bhipple Benjamin Hipple <bhipple@protonmail.com>