Improper Handling of Alternate Encoding

CVE-2023-26302

Severity Medium
Score 5.5/10

Summary

In markdown-it-py versions prior to v2.2.0, an attacker who was allowed to supply invalid UTF-8 characters as input could cause a denial of service in the command line interface.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-173 - Improper Handling of Alternate Encoding

The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.
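The failure mode named in the summary, shown as an added example that is not markdown-it-py's own code. It assumes the crash comes from strict UTF-8 decoding of input bytes, which the advisory does not spell out; `read_strict`, `read_untrusted`, `cli` and the sample bytes are hypothetical and constructed for illustration.

```python
import sys

# Constructed sample input: Markdown containing bytes that are not valid UTF-8.
SAMPLE = b"# Title\n\ncaf\xc3\xa9 \xff\xfe end\n"


def read_strict(data: bytes) -> str:
    """Strict decode: raises UnicodeDecodeError on the first invalid byte.

    Left uncaught in a CLI, this ends the process with a traceback.
    """
    return data.decode("utf-8")


def read_untrusted(data: bytes, policy: str = "replace"):
    """Decode untrusted bytes without an unhandled exception.

    Returns (text, first_bad_offset). first_bad_offset is None for valid
    UTF-8. With policy "reject", text is None when the input is invalid.
    """
    try:
        return data.decode("utf-8"), None
    except UnicodeDecodeError as err:
        if policy == "reject":
            return None, err.start
        # Each invalid byte becomes U+FFFD instead of aborting the run.
        return data.decode("utf-8", errors="replace"), err.start


def cli(data: bytes, policy: str = "replace") -> int:
    """Hypothetical CLI entry point (assumption); returns an exit code."""
    text, bad = read_untrusted(data, policy)
    if bad is not None:
        print(f"warning: invalid UTF-8 at byte offset {bad}", file=sys.stderr)
    if text is None:
        return 2  # controlled failure with a clear message, no traceback
    sys.stdout.buffer.write(text.encode("utf-8"))
    return 0


if __name__ == "__main__":
    sys.exit(cli(SAMPLE))
```

Whether to replace or reject is a policy choice: replacing keeps the tool available on mixed-encoding input, while rejecting avoids silently altering content.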

Advisory Timeline

  • Published