Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26302: 🐛 FIX: CLI crash on non-utf8 character (#247) · executablebooks/markdown-it-py@53ca3e9

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

CVE
Open in Source
#vulnerability#dos#js#git

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

  • Pricing

  • In this repository All GitHub

  • No suggested jump to results

  • In this repository All GitHub

  • In this organization All GitHub

  • In this repository All GitHub

Sign in

Sign up

executablebooks / markdown-it-py Public

  • Notifications
  • Fork 54
  • Star 427
  • Code
  • Issues 17
  • Pull requests 4
  • Actions
  • Security
  • Insights

More

Permalink

Browse files

🐛

FIX: CLI crash on non-utf8 character (#247)

Addresses CVE-2023-26302

  • Loading branch information

chrisjsewell committed

Feb 22, 2023

1 parent 6491bc2 commit 53ca3e9

Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.

    • parse.py
    • test_cli.py

2 markdown_it/cli/parse.py

Show comments View file

@@ -35,7 +35,7 @@ def convert_file(filename: str) -> None:

Parse a Markdown file and dump the output to stdout.

“"”

try:

with open(filename, “r”) as fin:

with open(filename, “r", encoding="utf8", errors="ignore”) as fin:

rendered = MarkdownIt().render(fin.read())

print(rendered, end="")

except OSError:

7 tests/test_cli.py

Show comments View file

@@ -20,6 +20,13 @@ def test_parse_fail():

assert exc_info.value.code == 1

def test_non_utf8():

with tempfile.TemporaryDirectory() as tempdir:

path = pathlib.Path(tempdir).joinpath(“test.md”)

path.write_bytes(b"\x80abc")

assert parse.main([str(path)]) == 0

def test_print_heading():

with patch(“builtins.print”) as patched:

parse.print_heading()

0 comments on commit 53ca3e9

Please sign in to comment.

Related news

GHSA-jrwr-5x3p-hvc3: markdown-it-py Denial of Service vulnerability in the command line interface

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE