cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
dependabot-gitlab has detected a security vulnerability for cleo in path: /, manifest_file: /pyproject.toml but was unable to update it!
Package | Severity | Affected versions | Patched versions | IDs |
---|---|---|---|---|
cleo (PIP) | MODERATE | <= 1.0.0a5 | | GHSA-2p9h-ccw7-33gf, CVE-2022-42966 |
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.