Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from every potential opening run, allowing denial of service in default Mistune parsing. This issue is fixed in version 3.3.0.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Lepture
Lepture mistune |
|
| Vendors & Products |
Lepture
Lepture mistune |
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from every potential opening run, allowing denial of service in default Mistune parsing. This issue is fixed in version 3.3.0. | |
| Title | inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs | |
| Weaknesses | CWE-1333 CWE-407 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T19:44:48.084Z
Reserved: 2026-07-07T18:20:06.126Z
Link: CVE-2026-59925
Updated: 2026-07-08T19:44:45.485Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T17:30:03Z