Improper Handling of Alternate Encoding

CVE-2023-26302

Medium

5.5/10

Summary

Denial of service could be caused to the command line interface of markdown-it-py, prior to v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-173 - Improper Handling of Alternate Encoding

The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Feb 22, 2023

Improper Handling of Alternate Encoding

CVE-2023-26302

Summary

CWE-173 - Improper Handling of Alternate Encoding

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS