{"id":"CVE-2021-26813","details":"markdown2 \u003e=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.","aliases":["GHSA-jr9p-r423-9m2r","PYSEC-2021-20"],"modified":"2026-03-15T22:39:43.704211Z","published":"2021-03-03T16:15:13.197Z","related":["openSUSE-SU-2021:0429-1","openSUSE-SU-2021:0451-1","openSUSE-SU-2024:11237-1","openSUSE-SU-2024:14146-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/"},{"type":"EVIDENCE","url":"https://github.com/trentm/python-markdown2/pull/387"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/trentm/python-markdown2","events":[{"introduced":"6d11f0f1ef9e112faeaf8028f631d2f825f991a6"},{"fixed":"31491857f247f553c4006b7ef55823deefb9e8e9"}],"database_specific":{"versions":[{"introduced":"1.0.1.18"},{"fixed":"2.4.0"}]}}],"versions":["1.0.1.18","1.0.1.19","1.1.0","1.1.1","1.2.0","1.3.0","1.3.1","1.4.0","1.4.1","1.4.2","2.0.0","2.0.1","2.1.0","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.10","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.3.8","2.3.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26813.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}