GHSA-x38q-xg2h-rxgx

Опубликовано: 23 сент. 2021

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

Regular Expression Denial of Service in Leo Editor

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-23478
https://github.com/leo-editor/leo-editor/issues/1597
https://github.com/leo-editor/leo-editor/commit/029833689060ee73f1bc1708cf4b182f0c66ec8e
https://github.com/advisories/GHSA-x38q-xg2h-rxgx
https://github.com/leo-editor/leo-editor
https://github.com/pypa/advisory-database/tree/main/vulns/leo/PYSEC-2021-338.yaml

Пакеты

Наименование

leo

pip

Затронутые версииВерсия исправления

<= 6.2.1

6.3

EPSS

Процентиль: 51%

0.0028

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2020-23478

Дефекты

CWE-1333

CWE-697

Связанные уязвимости

CVE-2020-23478

CVSS3: 7.5

nvd

больше 4 лет назад

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.

EPSS

Процентиль: 51%

0.0028

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2020-23478

Дефекты

CWE-1333

CWE-697