{ "affected": [ { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:11", "name": "pypy3" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:12", "name": "pypy3" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:13", "name": "pypy3" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:14", "name": "pypy3" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "end-of-life" }, "package": { "ecosystem": "Debian:11", "name": "python2.7" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:12", "name": "python3.11" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:13", "name": "python3.13" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.13.4-1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:14", "name": "python3.13" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.13.4-1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:11", "name": "python3.9" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "details": "Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.", "id": "DEBIAN-CVE-2025-69534", "modified": "2026-03-13T08:48:18.682648750Z", "published": "2026-03-05T15:16:11.243Z", "references": [ { "type": "ADVISORY", "url": "https://security-tracker.debian.org/tracker/CVE-2025-69534" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "upstream": [ "CVE-2025-69534" ] }