markdown2 (PyPI)
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting markdown2 (page 1 of 1)
- CVE-2009-3724 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 1.0.1.14 | 2020-01-15
  vulnerable: 1.0.1.10 ... 1.0.1.9 (8 versions)
  python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.
- CVE-2018-5773 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 2.3.6 | 2018-01-18
  vulnerable: 1.0.1.10 ... 2.3.5 (35 versions)
  An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be tr…
- CVE-2020-11888 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 2.3.9 | 2020-04-20
  vulnerable: 1.0.1.6 ... 2.3.8 (38 versions)
  python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
- CVE-2021-26813 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 2.4.0 | 2021-03-03
  vulnerable: 1.0.1.18 ... 2.3.10 (28 versions)
  markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service (ReDoS) vulnerability. A crafted input string can stall markdown2 processing for an extended period of time.
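The practical question this listing answers is "is the markdown2 we ship inside one of these ranges?". The following script is an added example, not code from this page or from the markdown2 project: it transcribes the four advisories above into [introduced, fixed) ranges and checks a pinned or installed version against them. It assumes that "before X" / "through Y" mean every earlier release and that ">=1.0.1.18" is the only lower bound the page gives; it compares versions numerically, because the page's "vulnerable:" ranges are string-sorted (for example "1.0.1.10 ... 1.0.1.9") and are not usable as bounds. Only plain dotted-numeric versions are accepted; pre-release tags are rejected rather than guessed at. The requirements snippet is constructed sample input. One caveat the listing does not state but that follows from CVE-2018-5773: even on a fixed release, treat safe_mode as defence in depth and run untrusted Markdown output through a dedicated HTML sanitizer.

```python
"""Map a markdown2 version to the CVEs in the listing above (added example, runs offline)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve: str
    severity: str
    summary: str
    introduced: str | None  # first affected version; None = every earlier release
    fixed: str              # first release that is NOT affected (exclusive bound)


# Transcribed from the listing on this page. Assumption: "before"/"through" cover
# every earlier release; the ReDoS advisory is the only one with a lower bound.
ADVISORIES: tuple[Advisory, ...] = (
    Advisory("CVE-2009-3724", "MEDIUM", "multiple XSS issues", None, "1.0.1.14"),
    Advisory("CVE-2018-5773", "MEDIUM", "safe_mode does not escape input properly (XSS)", None, "2.3.6"),
    Advisory("CVE-2020-11888", "MEDIUM", "element names mishandled unless \\w+ matches (XSS)", None, "2.3.9"),
    Advisory("CVE-2021-26813", "HIGH", "regular expression denial of service", "1.0.1.18", "2.4.0"),
)

_NUMERIC = re.compile(r"\d+(?:\.\d+)*")


def parse_version(v: str) -> tuple[int, ...]:
    """Parse a dotted numeric version ('1.0.1.14') into an int tuple for comparison.

    Trailing zeros are dropped so '2.4' == '2.4.0'. Non-numeric versions
    (pre-release or local tags) raise ValueError instead of being guessed at.
    """
    v = v.strip()
    if not _NUMERIC.fullmatch(v):
        raise ValueError(f"unsupported version string: {v!r}")
    parts = tuple(int(p) for p in v.split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


def affected_by(version: str) -> list[Advisory]:
    """Return every advisory whose [introduced, fixed) range contains `version`."""
    v = parse_version(version)
    hits: list[Advisory] = []
    for adv in ADVISORIES:
        above_floor = adv.introduced is None or v >= parse_version(adv.introduced)
        below_fix = v < parse_version(adv.fixed)
        if above_floor and below_fix:
            hits.append(adv)
    return hits


def minimum_safe_version() -> str:
    """Lowest release that clears every advisory in the list (highest 'fixed')."""
    return max((adv.fixed for adv in ADVISORIES), key=parse_version)


# Matches a `markdown2==X.Y.Z` pin on one line of requirements.txt-style text.
_PIN = re.compile(r"^\s*markdown2\s*==\s*([0-9][0-9.]*)\s*(?:#.*)?$", re.IGNORECASE | re.MULTILINE)


def check_requirements(text: str) -> dict[str, list[str]]:
    """Map each pinned markdown2 version found in `text` to the CVE IDs affecting it."""
    return {m.group(1): [a.cve for a in affected_by(m.group(1))] for m in _PIN.finditer(text)}


def installed_version() -> str | None:
    """Version of markdown2 importable in this interpreter, or None if not installed."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        return version("markdown2")
    except PackageNotFoundError:
        return None


# Constructed sample pin file; not a real project's requirements.
SAMPLE_REQUIREMENTS = """\
flask==2.3.3
markdown2==2.3.5   # pinned years ago
bleach==6.1.0
"""

if __name__ == "__main__":
    for pinned, cves in check_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"markdown2=={pinned}: {', '.join(cves) or 'no listed CVEs'}")
    print(f"minimum safe version per this listing: {minimum_safe_version()}")
    here = installed_version()
    if here is not None:
        print(f"installed {here}: {[a.cve for a in affected_by(here)]}")
```

Run it as-is to see the sample pin flagged against three advisories and the floor of 2.4.0; point `check_requirements` at your own lock file, or run it inside the deployment's virtualenv so `installed_version()` reports what is actually imported rather than what was declared.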
Check whether markdown2 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for markdown2 CVEs against the assets you own.