Advisories for Pypi/Pymdown-Extensions package

The original issue came through PyMdown Extensions' normal issue tracker instead of the typical security flow: https://github.com/facelessuser/pymdown-extensions/issues/2716. Because this came through the normal issue flow, it was handled as a normal issue. In the future, PyMdown Extensions will ensure such issues, even if prematurely made public through the normal issue flow, are redirected through the typical security process. The regular expression pattern in question is as follows: RE_FIG_NUM = re.compile(r'^(^)?([1-9][0-9](?:.[1-9][0-9])*)(?= …

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax –8<–"/etc/passwd" or –8<–"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base …