CVE-2023-26302

DEB

Medium

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid…

CVSS

5.5

Medium

EPSS

0.00

p35

Published

2023-01-01

Updated

2023-01-01

Description

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

Tags · CWE

CWE-173

CWE-400

CAPEC-3

CAPEC-4

CAPEC-52

CAPEC-53

CAPEC-64

CAPEC-71

CAPEC-72

CAPEC-78

CAPEC-79

CAPEC-80

CAPEC-120

CAPEC-147

CAPEC-227

CAPEC-267

CAPEC-492

Affected products

Markdown-it-py < 2.2.0

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

2023-01-01

Published

2023-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.001 · p35

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1027Obfuscated Files or Information

└ via CAPEC-267 · CWE-173

T1499Endpoint Denial of Service

└ via CAPEC-227 · CWE-400

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py		Tracked
markdown-it-py	*	Tracked

Source databases

DEB

CVE

UBU