Source: pypy3
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for pypy3.

CVE-2025-69534[0]:
| Python-Markdown version 3.8 contain a vulnerability where malformed
| HTML-like sequences can cause html.parser.HTMLParser to raise an
| unhandled AssertionError during Markdown parsing. Because Python-
| Markdown does not catch this exception, any application that
| processes attacker-controlled Markdown may crash. This enables
| remote, unauthenticated Denial of Service in web applications,
| documentation systems, CI/CD pipelines, and any service that renders
| untrusted Markdown. The issue was acknowledged by the vendor and
| fixed in version 3.8.1. This issue causes a remote Denial of Service
| in any application parsing untrusted Markdown, and can lead to
| Information Disclosure through uncaught exceptions.

https://github.com/Python-Markdown/markdown/issues/1534
https://github.com/python/cpython/issues/77057
https://github.com/python/cpython/commit/76c0b01bc401c3e976011bbc69cec56dbebe0ad5
 (v3.15.0a1)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-69534
    https://www.cve.org/CVERecord?id=CVE-2025-69534

Please adjust the affected versions in the BTS as needed.

Reply via email to