cpe:/a:mistune_project:mistune:0.7.4 CVE-2017-15612 2017-10-19T04:29:00.920-04:00 2017-11-07T15:34:50.167-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2017-11-03T12:11:46.490-04:00 CONFIRM https://github.com/lepture/mistune/pull/140 mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.