exploitDog

GHSA-2p9h-ccw7-33gf

Published: 10 Nov 2022
Source: github
Github: Reviewed
CVSS3: 5.9

Description

cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.

Packages

Name: cleo (pip)
Affected versions: < 2.0.0
Fixed version: 2.0.0

EPSS

Percentile: 32%
0.00124
Low

CVSS3

5.9 Medium

Weaknesses

CWE-1333

Related vulnerabilities

CVSS3: 5.9
ubuntu
about 3 years ago

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

CVSS3: 5.9
nvd
about 3 years ago

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

CVSS3: 5.9
debian
about 3 years ago

An exponential ReDoS (Regular Expression Denial of Service) can be tri ...
