pymdown-extensions@10.21.2

Extension pack for Python Markdown.

  • latest version

    10.21.3

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    14 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the pymdown-extensions package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Directory Traversal

    pymdown-extensions is an Extension pack for Python Markdown.

    Affected versions of this package are vulnerable to Directory Traversal in the get_snippet_path function. An attacker can access arbitrary files outside the intended directory by crafting a path that exploits improper directory boundary checks. This can result in exposure of sensitive files from sibling directories when processing untrusted markdown content.

    Note: This vulnerability is a regression of CVE-2023-32309.

    How to fix Directory Traversal?

    Upgrade pymdown-extensions to version 10.21.3 or higher.

    Vulnerable versions: [10.0.1,10.21.3)
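
The advisory describes a directory boundary check that lets sibling directories through. The added example below is not code from pymdown-extensions or from this page; it assumes the weak check is a plain string-prefix comparison (one common form of this bug class) and sets it beside a component-wise check. The function names and the `docs` / `docs-private` tree are constructed for illustration.

```python
import os
import tempfile


def is_inside_prefix(base, candidate):
    """Weak check (assumed form of the bug): string prefix on resolved paths."""
    return os.path.realpath(candidate).startswith(os.path.realpath(base))


def is_inside_strict(base, candidate):
    """Hardened check: compare whole path components after resolving '..' and symlinks."""
    base_real = os.path.realpath(base)
    cand_real = os.path.realpath(candidate)
    try:
        return os.path.commonpath([base_real, cand_real]) == base_real
    except ValueError:  # e.g. paths on different drives on Windows
        return False


def resolve_snippet(base, name, check):
    """Hypothetical include resolver: return the file path under base, or None if rejected."""
    path = os.path.join(base, name)
    if not check(base, path) or not os.path.isfile(path):
        return None
    return os.path.realpath(path)


def demo():
    """Constructed tree: <root>/docs is the allowed base, <root>/docs-private is a sibling."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "docs")
        sibling = os.path.join(root, "docs-private")
        os.makedirs(base)
        os.makedirs(sibling)
        for path in (os.path.join(base, "intro.md"),
                     os.path.join(sibling, "notes.md"),
                     os.path.join(root, "top.md")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        requests = {"inside": "intro.md",
                    "sibling": "../docs-private/notes.md",
                    "parent": "../top.md"}
        for label, name in requests.items():
            # (accepted by prefix check, accepted by strict check)
            results[label] = (resolve_snippet(base, name, is_inside_prefix) is not None,
                              resolve_snippet(base, name, is_inside_strict) is not None)
    return results


if __name__ == "__main__":
    print(demo())
```

The prefix check rejects the parent-directory request, which is why a test that only tries `../` into the parent can miss the sibling case.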