Filtered by vendor Mistune Project
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | ||||
| CVE-2017-15612 | 1 Mistune Project | 1 Mistune | 2025-04-20 | N/A |
| mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | ||||
| CVE-2022-34749 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2024-11-21 | 7.5 High |
| In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | ||||
Page 1 of 1.