CVE-2020-29651
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-29651
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29651.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-29651
- Aliases
- Downstream
- Related
- Published
- 2020-12-09T07:15:12.533Z
- Modified
- 2025-11-14T09:58:44.710599Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/
- https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
- https://github.com/pytest-dev/py/issues/256
- https://github.com/pytest-dev/py/pull/257
- https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
- https://www.oracle.com/security-alerts/cpujul2022.html
Affected packages
Git / github.com/pytest-dev/py
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pytest-dev/py
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.0.0
1.0.0b3
1.0.0b6
1.0.0b8
1.0.0b9
1.0.1
1.0.2
1.1.0
1.1.1
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.20
1.4.21
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.4
1.4.6
1.4.7
1.4.9
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0