
exploitDog


CVE-2022-42966

Published: 09 Nov 2022
Source: debian
EPSS: Low

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-cleo | not-affected | | | package |

Notes

  • https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/

  • https://github.com/python-poetry/cleo/issues/284

  • Introduced with: https://github.com/python-poetry/cleo/commit/de55578da25c6b1736b8b818f21c1bacf7c2475d (1.0.0a1)

  • Fixed by: https://github.com/python-poetry/cleo/commit/b5b9a04d2caf58bf7cf94eb7ae4a1ebbe60ea455

EPSS

Percentile: 32%
0.00124
Low

Related vulnerabilities

CVSS3: 5.9
ubuntu
about 3 years ago

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

CVSS3: 5.9
nvd
about 3 years ago

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

CVSS3: 5.9
github
about 3 years ago

cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
