Homepage

Reachable Assertion The advisory has been revoked - it doesn't affect any version of package automation-controller  (opens in a new tab)

Threat Intelligence

EPSS
0.39% (60th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL10-AUTOMATIONCONTROLLER-15564671
  • published14 Mar 2026
  • disclosed1 Jan 2025
Report a new vulnerability Found a mistake?

Introduced: 1 Jan 2025

CVE-2025-69534  (opens in a new tab)
CWE-617  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream automation-controller package and not the automation-controller package as distributed by RHEL.

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.