VYPR

Mistune

by Mistune Project

pypi: mistune

Source repositories

CVEs (2)

  • CVE-2017-16876MedDec 29, 2017
    risk 0.33cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

  • CVE-2017-15612MedOct 19, 2017
    risk 0.33cvss 6.1epss 0.01

    mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.