CVE-2022-34749: Mistune v2.0.2 vulnerable to catastrophic backtracking
(updated )
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
References
Detect and mitigate CVE-2022-34749 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →