Bug 2175697 (CVE-2023-26302) - CVE-2023-26302 markdown-it-py: Denial of service in the command line interface due to invalid UTF-8 characters as input.
Status: NEW
Alias: CVE-2023-26302
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
Depends On: 2175701 2175702 2177154
Blocks: 2172788
Reported: 2023-03-06 11:09 UTC by Vipul Nair
Modified: 2023-07-07 08:28 UTC

Fixed In Version: markdown-it-py 2.2.0
Doc Text:
A denial of service vulnerability exists in markdown-it-py. An attacker could craft a payload with invalid UTF-8 characters as input to cause a crash, thereby affecting the availability

Description Vipul Nair 2023-03-06 11:09:53 UTC
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c

Comment 1 Vipul Nair 2023-03-06 11:17:53 UTC
Created ansible-lint tracking bugs for this issue:

Affects: fedora-all [bug 2175701]


Created python-ansible-compat tracking bugs for this issue:

Affects: fedora-all [bug 2175702]

Comment 2 Maxwell G 2023-03-06 17:39:38 UTC
Why were bugs opened against ansible-lint and python-ansible-compat when this is a problem with python-markdown-it-py? No bugs were opened against python-markdown-it-py.

Comment 3 Vipul Nair 2023-03-10 08:18:35 UTC
You are right, fixed it. Thanks.

Comment 4 Vipul Nair 2023-03-10 08:20:00 UTC
Created python-markdown-it-py tracking bugs for this issue:

Affects: fedora-all [bug 2177154]

