CVE-2017-15612
MEDIUM 6.1 | EPSS 0.12% | Cross-site Scripting in Mistune
Published: 2022/5/17 | Modified: 2026/4/28
Description
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
Affected packages (3)
- Debian/mistune from 0, < 0.8-1
- PyPI/mistune from 0, < 0.8
- PyPI/mistune from 0, < 0.8
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORY https://github.com/advisories/GHSA-hpv5-v8g5-c864
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-15612
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2017-15612
- PATCH https://github.com/lepture/mistune
- WEB https://github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630fe
- WEB https://github.com/lepture/mistune/pull/140
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2017-80.yaml