GHSA-hj5v-574p-mj7c

Suggest an improvement
Source
https://github.com/advisories/GHSA-hj5v-574p-mj7c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-hj5v-574p-mj7c/GHSA-hj5v-574p-mj7c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hj5v-574p-mj7c
Aliases
Published
2021-04-20T16:39:57Z
Modified
2024-10-21T21:26:04.681876Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
py vulnerable to Regular Expression Denial of Service
Details

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

References

Affected packages

PyPI / py

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.0

Affected versions

0.*

0.8.0-alpha2
0.9.0
0.9.1
0.9.2

1.*

1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7.dev3
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32.dev1
1.4.32
1.4.33
1.4.34
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0