The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.
| Vendor | Product | Versions |
|---|---|---|
| python | python | 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| open source | python | cert_advisory | 90% |
Updated affected versions to include 3.14.x, changed severity to MEDIUM, and noted no exploit available.
Updated affected versions to include all versions before Python 3.15.0, changed severity to HIGH, and marked exploit as available and actively exploited.
Initial creation