Well, it was reported after I opened this issue, and upstream doesn't consider this a real security issue in mkdocs. Please don't request CVEs for invalid bugs, and also please don't request CVEs that haven't been reported to upstream. It really should be a requirement that the issue is reported upstream to request a CVE.
Did you report this upstream?
The text was updated successfully, but these errors were encountered: