VDB
PYSEC-2020-92
PYSEC-2020-92
PUBLISHED
CVSS 8.699999809265137 HIGH
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | py | 0, 0.8.0-alpha2, 0.9.0 |
Timeline
- Dec 9, 2020 CVE Published
- Nov 8, 2023 CVE Updated
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/ url
- https://github.com/advisories/GHSA-hj5v-574p-mj7c advisory
- https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 fix
- https://github.com/pytest-dev/py/issues/256 discussion
- https://github.com/pytest-dev/py/pull/257 fix