PYSEC-2022-42969 — Vulnetix

PYSEC-2022-42969 PUBLISHED CVSS 8.699999809265137 HIGH

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	py	0, 0.8.0-alpha2, 0.9.0

Timeline

Nov 4, 2022 CVE Published
Nov 8, 2023 CVE Updated

References

https://github.com/advisories/GHSA-w596-4wvx-j9j6 advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-42969 url
https://github.com/pytest-dev/py/issues/287 discussion
https://github.com/pytest-dev/py/issues/288 discussion
https://github.com/pytest-dev/pytest/issues/10392 discussion

Open in Interactive Console →