CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
46.7%
In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
github.com/lepture/mistune
github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
github.com/lepture/mistune/commit/ca1e7b506850f4e488823fc7338b49a8f9852718
github.com/lepture/mistune/issues/314#issuecomment-1223972386
github.com/lepture/mistune/releases
github.com/pypa/advisory-database/blob/main/vulns/mistune/PYSEC-2022-237.yaml
github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2022-237.yaml
lists.fedoraproject.org/archives/list/[email protected]/message/TQHXITQ2DSBYOILKHXBSBB7PFBPZHF63
nvd.nist.gov/vuln/detail/CVE-2022-34749