CVE-2022-42969
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-42969
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42969.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-42969
- Aliases
- Downstream
- Related
- Published
- 2022-10-16T06:15:09Z
- Modified
- 2025-07-03T02:08:39.189794Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.
- References
Affected packages
Debian:11 / python-py
Package
- Name
- python-py
- Purl
- pkg:deb/debian/python-py?arch=source
Debian:12 / python-py
Package
- Name
- python-py
- Purl
- pkg:deb/debian/python-py?arch=source
Debian:13 / python-py
Package
- Name
- python-py
- Purl
- pkg:deb/debian/python-py?arch=source
Git / github.com/pytest-dev/py
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pytest-dev/py
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.0.0
1.0.0b3
1.0.0b6
1.0.0b8
1.0.0b9
1.0.1
1.0.2
1.1.0
1.1.1
1.10.0
1.11.0
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.20
1.4.21
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.4
1.4.6
1.4.7
1.4.9
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0