Vulnerability Description
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Markdown2 Project | Markdown2 | >= 1.0.1.18, < 2.4.0 |
| Fedoraproject | Fedora | 32 |
Related Weaknesses (CWE)
References
- https://github.com/trentm/python-markdown2/pull/387ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/trentm/python-markdown2/pull/387ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2021-26813?
CVE-2021-26813 is a vulnerability with a CVSS score of 7.5 (HIGH). markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or del...
How severe is CVE-2021-26813?
CVE-2021-26813 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26813?
Check the references section above for vendor advisories and patch information. Affected products include: Markdown2 Project Markdown2, Fedoraproject Fedora.