ГлавнаяУязвимости → CVE-2026-15308
7.5высокая

CVE-2026-15308

Описание

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

Затрагиваемое ПО
Python Python
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://github.com/python/cpython/commit/07efb08123ba9367a7107325adb9d5626dca1ca9https://github.com/python/cpython/commit/7933f4bf7131aa4140750f9404f5de0aa2969cedhttps://github.com/python/cpython/commit/bcf98ddbc40ec9b3ee87da0124a5660b19b7e606https://github.com/python/cpython/commit/e9f92ac0b298292e7ff998e52cb8ccacfb27a0bdhttps://github.com/python/cpython/issues/153030https://github.com/python/cpython/pull/153031https://mail.python.org/archives/list/security-announce@python.org/thread/F6453LWKSHKCTWFLCOURWPLETNUIW2Z5/http://www.openwall.com/lists/oss-security/2026/07/09/4