CVE-2022-42969

* DISPUTED * The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / python-py

Package

Name: python-py
Purl: pkg:deb/ubuntu/python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.30-2

1.4.31-1

Ubuntu:Pro:18.04:LTS / python-py

Package

Name: python-py
Purl: pkg:deb/ubuntu/python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.34-2ubuntu1

1.4.34-3

1.5.2-1

1.5.2-1ubuntu0.1

Ubuntu:20.04:LTS / python-py

Package

Name: python-py
Purl: pkg:deb/ubuntu/python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.0-1

1.8.0-1build2

1.8.1-1

1.8.1-1ubuntu0.1

Ubuntu:22.04:LTS / python-py

Package

Name: python-py
Purl: pkg:deb/ubuntu/python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.0-1

Ubuntu:24.04:LTS / python-py

Package

Name: python-py
Purl: pkg:deb/ubuntu/python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.11.0-1

1.11.0-1ubuntu1

1.11.0-2