Mistune Project: >> Mistune >> 0.7.4 Security Vulnerabilities
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-25
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-12-29
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-10-19