漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Mistune: Potential DoS via quadratic-time parsing in parse_link_text
Vulnerability Description
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive [ characters, parse_link_text repeatedly scans the input using a regex search inside a loop. Each iteration re-scans a large portion of the remaining string, resulting in quadratic-time behavior. An attacker-controlled Markdown input can therefore trigger excessive CPU usage with a very small payload. This vulnerability is fixed in 3.3.0.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
lepture mistune 资源管理错误漏洞
Vulnerability Description
lepture mistune是lepture的Markdown解析库。 lepture mistune 3.3.0之前版本存在资源管理错误漏洞,该漏洞源于parse_link_text函数中超线性(约O(n²))行为,可能导致CPU耗尽拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A