VIR Vulnerability Intelligence Relay

Package impact

python PyPI / markdown2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-26813 low 2.5 5y ago markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or de… archdebianpython
CVE-2009-3724 unknown 4y ago python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. python
CVE-2020-11888 unknown 6y ago python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. debianpython
CVE-2018-5773 unknown 8y ago An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properl… python