CNNVD-202512-2791 Information
CNNVD ID
CNNVD-202512-2791
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
PyMdown Extensions是Isaac Muse个人开发者的一个Python Markdown的扩展集合。 PyMdown Extensions 10.16.1之前版本存在安全漏洞,该漏洞源于figure caption扩展存在ReDOS漏洞,可能导致处理恶意负载时长时间挂起。
Description (English)
PyMdown Extensions is an extended collection of Python Markdown by Isaac Muse personal developers. There was a security loophole in the pre-PyMdown Extensions 10.16.1 version, which originated from the Figure Caption extension with the REDOS loophole, which could lead to long-term hang-ups during the handling of malicious loads.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-12-16
Last Modified
2026-02-24
References
https://github.com/facelessuser/pymdown-extensions/commit/b50d15a56850ed1408a284bba81cc019c6bd72e8 https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-r6h4-mm7h-8pmq https://pypi.org/project/pymdown-extensions/10.16.1
Patch
https://facelessuser.github.io/pymdown-extensions/
Share on: