GHSA-hj5v-574p-mj7c

Source

https://github.com/advisories/GHSA-hj5v-574p-mj7c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-hj5v-574p-mj7c/GHSA-hj5v-574p-mj7c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hj5v-574p-mj7c

Aliases

Published

2021-04-20T16:39:57Z

Modified

2024-10-21T21:24:40.526724Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

py vulnerable to Regular Expression Denial of Service

Details

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

References

Affected packages

PyPI / py

Package

Name: py; View open source insights on deps.dev
Purl: pkg:pypi/py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.0

Affected versions

0.*

0.8.0-alpha2

0.9.0

0.9.1

0.9.2

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.1.1

1.2.0

1.2.1

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7.dev3

1.4.7

1.4.8

1.4.9

1.4.10

1.4.11

1.4.12

1.4.13

1.4.14

1.4.15

1.4.16

1.4.17

1.4.18

1.4.19

1.4.20

1.4.21

1.4.22

1.4.23

1.4.24

1.4.25

1.4.26

1.4.27

1.4.28

1.4.29

1.4.30

1.4.31

1.4.32.dev1

1.4.32

1.4.33

1.4.34

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.7.0

1.8.0

1.8.1

1.8.2

1.9.0