VDB
CVE-2020-5236
CVE-2020-5236
PUBLISHED
CVSS 5.699999809265137 MEDIUM
Catastrophic backtracking in regex allows Denial of Service in Waitress
EPSS 13.33% · 94.3th percentile
Risk Scores
CVSS 3.1
5.699999809265137
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
EPSS Score
13.33%
94.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | waitress | 1.4.2, 1.4.2 |
| Pylons | Waitress | = 1.4.2 |
| agendaless | waitress | 1.4.2 |
Exploit Intelligence
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- Waitress 1.4.2 ReDoS - CVE-2020-5236 (Blog Sample Code) (github-poc)
- https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc (circl)
- https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f (circl)
Timeline
- Feb 4, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
References
- https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc url
- https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f url
- https://nvd.nist.gov/vuln/detail/CVE-2020-5236 advisory
- https://github.com/Pylons/waitress package
- https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2020-155.yaml url