Описание
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)). Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 5.0.8-3 |
| esm-infra-legacy/trusty | released | 4.7.2+ds-5ubuntu0.1~esm1 |
| esm-infra/bionic | released | 5.0.6-2ubuntu0.18.04.1~esm1 |
| esm-infra/focal | released | 5.0.6-4ubuntu0.1 |
| esm-infra/xenial | released | 5.0.6-2ubuntu0.16.04.1~esm1 |
| focal | released | 5.0.6-4ubuntu0.1 |
| jammy | released | 5.0.6-5ubuntu0.1 |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was deferred |
Показывать по
EPSS
3.7 Low
CVSS3
Связанные уязвимости
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
All versions of the package configobj are vulnerable to Regular Expres ...
EPSS
3.7 Low
CVSS3