CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-26813

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/trentm/python-markdown2/pull/387
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/
https://github.com/trentm/python-markdown2/pull/387
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/

Products affected by CVE-2021-26813

Markdown2 Project » Markdown2 » Version: Any

cpe:2.3:a:markdown2_project:markdown2:*
Fedoraproject » Fedora » Version: 32

cpe:2.3:o:fedoraproject:fedora:32
Fedoraproject » Fedora » Version: 33

cpe:2.3:o:fedoraproject:fedora:33
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26813

Products

Pricing

Contact Us