Описание
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)).
Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
A flaw was found in python-configobj via the Validator function at python-configobj/validate.py. This issue only occurs in the case of a developer putting the offending value in a server side configuration file, which could lead to a Regular Expression Denial of Service (ReDoS).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | python-configobj | Out of support scope | ||
| Red Hat Enterprise Linux 7 | python-configobj | Out of support scope | ||
| Red Hat Enterprise Linux 8 | python-configobj | Will not fix | ||
| Red Hat Enterprise Linux 9 | python-configobj | Will not fix | ||
| Red Hat OpenShift Dev Spaces | devspaces-udi-container | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
All versions of the package configobj are vulnerable to Regular Expres ...
EPSS
5.9 Medium
CVSS3