pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)

GHSA-5jqp-885w-xj32 · CVE-2022-42964

Published Nov 10, 2022 · Modified Feb 21, 2024

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-42964
WEB https://github.com/materialsproject/pymatgen/issues/2755
PACKAGE https://github.com/materialsproject/pymatgen
WEB https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes