Untriaged
CVE-2023-26302
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
markdown-it-py CLI crash on invalid UTF-8 characters
A denial of service could be caused in the command-line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to supply invalid UTF-8 characters as input.
References
- https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf… patch
- https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf… patch x_transferred
Affected products
markdown-it-py
- <v2.2.0
Matching in nixpkgs
pkgs.python312Packages.markdown-it-py
Markdown parser in Python
- nixos-unstable -
- nixpkgs-unstable 3.0.0
pkgs.python313Packages.markdown-it-py
Markdown parser in Python
- nixos-unstable -
- nixpkgs-unstable 3.0.0
Package maintainers
- @bhipple Benjamin Hipple <bhipple@protonmail.com>