CVE-2022-34749

Published: 25/07/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In mistune up to and including 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Vulnerable Product

mistune project mistune

fedoraproject fedora 37

Vendor Advisories

Debian Bug report logs - #1016089
mistune: CVE-2022-34749
Package: src:mistune; Maintainer for src:mistune is Debian Python Modules Team <team+python@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Tue, 26 Jul 2022 20:39:02 UTC
Severity: grave
Tags: security
Fixed in version mistune/2.0.4 ...