CVE-2022-34749

Mistune v2.0.2 vulnerable to catastrophic backtracking in pypi/mistune

Identifiers

CVE-2022-34749, GHSA-fw3v-x4f2-v673

Package Slug

pypi/mistune

Vulnerability

Mistune v2.0.2 vulnerable to catastrophic backtracking

Description

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Affected Versions

All versions up to 2.0.2

Solution

Upgrade to version 2.0.3 or above.
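
As an added example (not part of the advisory or of the mistune project), this sketch audits a requirements file for mistune entries that fall in the affected range above. The sample file contents and the package name mistune-example-plugin are constructed, and version parsing is simplified to the numeric release segment, so a pre-release such as 2.0.0rc1 is treated as 2.0.0.

```python
import re

FIXED = (2, 0, 3)  # first fixed release named in the advisory

# A requirement line for the mistune package itself (not mistune-* packages).
REQ = re.compile(r"^\s*mistune(?![\w.-])(?:\[[^\]]*\])?(?P<spec>[^;#]*)", re.I)
CLAUSE = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9][^,\s]*)")

def release(version):
    """Numeric release segment, padded to three parts: '2.0.0rc1' -> (2, 0, 0)."""
    parts = [int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True for every release before the fixed one (2.0.2 and earlier)."""
    return release(version) < FIXED

def audit(requirements_text):
    """Return (line_no, requirement, status) for every mistune requirement."""
    findings = []
    for line_no, line in enumerate(requirements_text.splitlines(), 1):
        m = REQ.match(line)
        if not m:
            continue
        clauses = CLAUSE.findall(m.group("spec"))
        pins = [v for op, v in clauses if op in ("==", "===") and "*" not in v]
        floor_ok = any(op in (">=", "~=", ">") and release(v) >= FIXED
                       for op, v in clauses)
        if pins:
            status = "affected" if is_affected(pins[0]) else "ok"
        elif floor_ok:
            status = "ok"
        else:
            status = "review"  # unpinned or open range: may resolve to <= 2.0.2
        findings.append((line_no, line.split("#")[0].strip(), status))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
flask==2.1.2
mistune==2.0.2
mistune>=2.0.3 ; python_version >= "3.7"
Mistune<3
mistune-example-plugin==1.0
mistune==2.0.0rc1  # pre-release pin
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A "review" result means the requirement does not exclude 2.0.2 and earlier, so the version actually installed has to be checked in the lock file or the environment.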

Last Modified

2022-08-01
