PYSEC-2022-42991
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/future/PYSEC-2022-42991.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2022-42991
- Aliases
- Published
- 2022-12-23T00:15:00Z
- Modified
- 2023-11-01T04:59:57.039833Z
- Summary
- [none]
- Details
-
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
- References
-
- https://pypi.org/project/future/
- https://github.com/python/cpython/pull/17157
- https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://github.com/PythonCharmers/python-future/pull/610
Affected packages
PyPI / future
Package
- Name
- future
- View open source insights on deps.dev
- Purl
- pkg:pypi/future
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.18.3
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.1.0
0.2.0
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.10.0
0.10.1
0.10.2
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.15.0
0.15.1
0.15.2
0.16.0
0.17.0
0.17.1
0.18.0
0.18.1
0.18.2