FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-markdown2 -- regular expression denial of service vulnerability

Affected packages
py310-markdown2 < 2.4.0
py311-markdown2 < 2.4.0
py37-markdown2 < 2.4.0
py38-markdown2 < 2.4.0
py39-markdown2 < 2.4.0


VuXML ID c9b3324f-8e03-4ae3-89ce-8098cdc5bfa9
Discovery 2021-03-03
Entry 2023-08-31

Ben Caller reports:

markdown2 >=, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability.

If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.


CVE Name CVE-2021-26813