Medium severity6.1NVD Advisory· Published Oct 19, 2017· Updated Jun 17, 2026
CVE-2017-15612
CVE-2017-15612
Description
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mistunePyPI | < 0.8 | 0.8 |
Affected products
3- cpe:2.3:a:mistune_project:mistune:0.7.4:*:*:*:*:*:*:*
- ghsa-coords2 versions
< 0.8+ 1 more
- (no CPE)range: < 0.8
- (no CPE)range: < 3.0.2-2.5
Patches
Vulnerability mechanics
References
5- github.com/lepture/mistune/pull/140nvdExploitIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-hpv5-v8g5-c864ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-15612ghsaADVISORY
- github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630feghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2017-80.yamlghsaWEB
News mentions
0No linked articles in our index yet.