Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-w596-4wvx-j9j6] ReDoS in py library #761

Merged
merged 1 commit into from
Oct 19, 2022
Merged

[GHSA-w596-4wvx-j9j6] ReDoS in py library #761

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions advisories/github-reviewed/2022/10/GHSA-w596-4wvx-j9j6/GHSA-w596-4wvx-j9j6.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"schema_version": "1.3.0",
"id": "GHSA-w596-4wvx-j9j6",
"modified": "2022-10-18T18:03:13Z",
"modified": "2022-10-19T07:59:30Z",
"published": "2022-10-16T12:00:23Z",
"aliases": [
"CVE-2022-42969"
],
"summary": "ReDoS in py library",
"details": "The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.",
"details": "The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.\n\n**NOTE:** The affected code is unlikely to be in any production use. In particular, is is *not* used by pytest, which is by far the biggest reverse dependency of the `py` library.",
"severity": [
{
"type": "CVSS_V3",
Expand Down