{"id":"PYSEC-2021-20","details":"markdown2 versions \u003e=1.0.1.18 (fixed in 2.4.0) are affected by a regular expression denial of service (ReDoS) vulnerability. If an attacker provides a malicious string, markdown2 processing can become very slow or be delayed for an extended period of time.","aliases":["CVE-2021-26813","GHSA-jr9p-r423-9m2r"],"modified":"2023-11-08T04:05:22.342158Z","published":"2021-03-03T16:15:00Z","references":[{"type":"WEB","url":"https://github.com/trentm/python-markdown2/pull/387"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-jr9p-r423-9m2r"}],"affected":[{"package":{"name":"markdown2","ecosystem":"PyPI","purl":"pkg:pypi/markdown2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.0.1.18"},{"fixed":"2.4.0"}]}],"versions":["1.0.1.18","1.0.1.19","1.1.0","1.1.1","1.2.0","1.3.0","1.3.1","1.4.0","1.4.1","1.4.2","2.0.0","2.0.1","2.1.0","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.3.8","2.3.9","2.3.10"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/markdown2/PYSEC-2021-20.yaml"}}],"schema_version":"1.7.3"}