Workflow

PyPi: Mkdocs-Material

CVE-2023-50447

Transitive

Safety vulnerability ID: 64496

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 19, 2024 Updated at May 15, 2024
Scan your Python projects for vulnerabilities →

Advisory

Mkdocs-material 9.5.5 includes a change in its dependency on Pillow. Previously set to approximately version 9.4, it has now been updated to version 10.22. This change was made in response to the security vulnerability identified as CVE-2023-504477.
https://github.com/squidfunk/mkdocs-material/commit/fe11bc0cabd692d37bc4cc4e8034dbe6783ef36b

Affected package

mkdocs-material

Latest version: 9.5.23

Documentation that simply works

Affected versions

Fixed versions

Vulnerability changelog

- Updated Tagalog translations
- Updated Pillow to 10.2 to mitigate security vulnerabilities
- Improved resilience of instant navigation
- Fixed 6687: Updated Mermaid.js to version 10.7.0 (latest)
- Fixed 6652: Keyboard events in custom elements captured
- Fixed 6582: Instant navigation doesn't correctly handle alternate URLs
- Fixed 6565: Instant navigation doesn't allow for `onclick` handlers
- Fixed 6345: Instant navigation sometimes breaks browser back button
- Fixed 6334: Instant navigation doesn't correctly position anchors (Safari)
- Fixed 6275: Instant navigation doesn't correctly resolve after 404
- Fixed 6102: Instant navigation reloads page on same link navigation

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 8.1

CVSS v3 Details

HIGH 8.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
HIGH
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH