Skip to main content

Improper Handling of Alternate Encoding


Severity Medium
Score 5.5/10


Denial-of-service attack could be caused to markdown-it-py in versions prior to 2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

  • LOW
  • NONE
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-173 - Improper Handling of Alternate Encoding

The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.

Advisory Timeline

  • Published