FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-01 20:12:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
cf6f3465-e996-4672-9458-ce803f29fdb7py-markdown2 -- XSS vulnerability

TheGrandPew reports:

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds.

For example, an attack might use elementname@ or elementname- with an onclick attribute.


Discovery 2020-04-20
Entry 2023-08-31
py37-markdown2
py38-markdown2
py39-markdown2
py310-markdown2
py311-markdown2
< 2.3.9

CVE-2020-11888
https://osv.dev/vulnerability/PYSEC-2020-65
https://osv.dev/vulnerability/GHSA-fv3h-8x5j-pvgq
c9b3324f-8e03-4ae3-89ce-8098cdc5bfa9py-markdown2 -- regular expression denial of service vulnerability

Ben Caller reports:

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability.

If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.


Discovery 2021-03-03
Entry 2023-08-31
py37-markdown2
py38-markdown2
py39-markdown2
py310-markdown2
py311-markdown2
< 2.4.0

CVE-2021-26813
https://osv.dev/vulnerability/PYSEC-2021-20
https://osv.dev/vulnerability/GHSA-jr9p-r423-9m2r