GHSA-v3c5-jqr6-7qm8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v3c5-jqr6-7qm8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-v3c5-jqr6-7qm8/GHSA-v3c5-jqr6-7qm8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v3c5-jqr6-7qm8
- Aliases
- Published
- 2022-12-23T00:30:23Z
- Modified
- 2024-02-20T05:33:28.795305Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Python Charmers Future denial of service vulnerability
- Details
-
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. This issue has been patched in version 0.18.3.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-40899
- https://github.com/PythonCharmers/python-future/pull/610
- https://github.com/python/cpython/pull/17157
- https://github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f
- https://github.com/PythonCharmers/python-future
- https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215
- https://pypi.org/project/future
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Affected packages
PyPI / future
Package
- Name
- future
- View open source insights on deps.dev
- Purl
- pkg:pypi/future
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.18.3
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.1.0
0.2.0
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.10.0
0.10.1
0.10.2
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.15.0
0.15.1
0.15.2
0.16.0
0.17.0
0.17.1
0.18.0
0.18.1
0.18.2