Vulnerability Details CVE-2022-34749
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.1%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
- https://github.com/lepture/mistune/releases
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQHXITQ2DSBYOILKHXBSBB7PFBPZHF63/
- https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
- https://github.com/lepture/mistune/releases
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQHXITQ2DSBYOILKHXBSBB7PFBPZHF63/
Products affected by CVE-2022-34749
-
cpe:2.3:a:mistune_project:mistune:0.1.0
-
cpe:2.3:a:mistune_project:mistune:0.2.0
-
cpe:2.3:a:mistune_project:mistune:0.3.0
-
cpe:2.3:a:mistune_project:mistune:0.3.1
-
cpe:2.3:a:mistune_project:mistune:0.4
-
cpe:2.3:a:mistune_project:mistune:0.4.1
-
cpe:2.3:a:mistune_project:mistune:0.5
-
cpe:2.3:a:mistune_project:mistune:0.5.1
-
cpe:2.3:a:mistune_project:mistune:0.6
-
cpe:2.3:a:mistune_project:mistune:0.7
-
cpe:2.3:a:mistune_project:mistune:0.7.1
-
cpe:2.3:a:mistune_project:mistune:0.7.2
-
cpe:2.3:a:mistune_project:mistune:0.7.3
-
cpe:2.3:a:mistune_project:mistune:0.7.4
-
cpe:2.3:a:mistune_project:mistune:0.8
-
cpe:2.3:a:mistune_project:mistune:0.8.1
-
cpe:2.3:a:mistune_project:mistune:0.8.2
-
cpe:2.3:a:mistune_project:mistune:0.8.3
-
cpe:2.3:a:mistune_project:mistune:0.8.4
-
cpe:2.3:o:fedoraproject:fedora:37