GHSA-v973-fxgf-6xhp

Source

https://github.com/advisories/GHSA-v973-fxgf-6xhp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-v973-fxgf-6xhp/GHSA-v973-fxgf-6xhp.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-v973-fxgf-6xhp

Aliases

Published

2022-09-16T17:20:25Z

Modified

2025-02-21T05:42:25.035937Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

mako is vulnerable to Regular Expression Denial of Service

Details

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

Database specific

{
    "cwe_ids": [
        "CWE-1333"
    ],
    "github_reviewed_at": "2022-09-16T17:20:25Z",
    "severity": "HIGH",
    "nvd_published_at": "2022-09-07T13:15:00Z",
    "github_reviewed": true
}

References

Affected packages

PyPI / mako

Package

Name: mako; View open source insights on deps.dev
Purl: pkg:pypi/mako

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.1.10

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.4.0

0.4.1

0.4.2

0.5.0

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.9.0

0.9.1

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.2.0

1.2.1