Vulnerability	Vulnerable Version
H Infinite loop justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop in the handling of CSS selectors and linkification processes. An attacker can cause excessive CPU or memory consumption by supplying specially crafted selector strings or punctuation-heavy input, leading to repeated rescanning or non-terminating traversals. This can be achieved by passing attacker-controlled selectors to `query`, `matches`, or selector-based transforms, or by enabling linkification on large, untrusted text inputs. Programmatically constructed malformed DOM graphs from untrusted sources can also trigger these effects. How to fix Infinite loop? Upgrade `justhtml` to version 1.18.0 or higher.	[,1.18.0)

Infinite loop

justhtml is an A pure Python HTML5 parser that just works.

Affected versions of this package are vulnerable to Infinite loop in the handling of CSS selectors and linkification processes. An attacker can cause excessive CPU or memory consumption by supplying specially crafted selector strings or punctuation-heavy input, leading to repeated rescanning or non-terminating traversals. This can be achieved by passing attacker-controlled selectors to query, matches, or selector-based transforms, or by enabling linkification on large, untrusted text inputs. Programmatically constructed malformed DOM graphs from untrusted sources can also trigger these effects.

How to fix Infinite loop?

Upgrade justhtml to version 1.18.0 or higher.

[,1.18.0)

Go back to all versions of this package