CVE-2022-34749
HIGHmistune < 2.0.2 - Inefficient Regular Expression Complexity
Title source: llmDescription
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQHXITQ2DSBYOILKHXBSBB7PFBPZHF63/
Patch, Third Party Advisory
https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
Release Notes, Third Party Advisory
https://github.com/lepture/mistune/releases
Scores
CVSS v3
7.5
EPSS
0.0119
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-1333
Status
published
Products (3)
fedoraproject/fedora
37
mistune_project/mistune
< 2.0.2
pypi/mistune
2.0.0a1 - 2.0.3PyPI
Published
Jul 25, 2022
Tracked Since
Feb 18, 2026