ReDoS in py library
dependabot-gitlab has detected security vulnerability for py in path: /, manifest_file: /pyproject.toml but was unable to update it!
Package | Severity | Affected versions | Patched versions | IDs |
---|---|---|---|---|
py (PIP) | MODERATE | <= 1.11.0 | | GHSA-w596-4wvx-j9j6, CVE-2022-42969 |
Description
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.