{"id":"PYSEC-2022-237","details":"In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.","aliases":["CVE-2022-34749","GHSA-fw3v-x4f2-v673"],"modified":"2023-11-01T04:59:17.278752Z","published":"2022-07-25T23:15:00Z","references":[{"type":"FIX","url":"https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2"},{"type":"WEB","url":"https://github.com/lepture/mistune/releases"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-fw3v-x4f2-v673"}],"affected":[{"package":{"name":"mistune","ecosystem":"PyPI","purl":"pkg:pypi/mistune"},"ranges":[{"type":"GIT","repo":"https://github.com/lepture/mistune","events":[{"introduced":"0"},{"fixed":"a6d43215132fe4f3d93f8d7e90ba83b16a0838b2"}]},{"type":"ECOSYSTEM","events":[{"introduced":"2.0.0a1"},{"fixed":"2.0.3"}]}],"versions":["2.0.0","2.0.0a1","2.0.0a2","2.0.0a3","2.0.0a4","2.0.0a5","2.0.0a6","2.0.0rc1","2.0.1","2.0.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mistune/PYSEC-2022-237.yaml"}}],"schema_version":"1.7.3"}