MEDIUM 5.9 PyPI
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
GHSA-2p9h-ccw7-33gf · CVE-2022-42966 · PYSEC-2022-43178
Published · Modified
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-42966
- WEB https://github.com/python-poetry/cleo/pull/285
- WEB https://github.com/python-poetry/cleo/commit/b5b9a04d2caf58bf7cf94eb7ae4a1ebbe60ea455
- ADVISORY https://github.com/advisories/GHSA-2p9h-ccw7-33gf
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/cleo/PYSEC-2022-43178.yaml
- PACKAGE https://github.com/python-poetry/cleo
- WEB https://github.com/python-poetry/cleo/releases/tag/2.0.0
- WEB https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186
Ready to move
Start Securing
Free, no credit card | First findings in minutes