CVE-2020-29651

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

References

Affected packages

Git / github.com/pytest-dev/py

Affected ranges

Type

GIT

Repo

https://github.com/pytest-dev/py

Events

Introduced

Last affected

b344f5b51fd3ec260d180d93e43b4796f1da57b9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.0b3

1.0.0b6

1.0.0b8

1.0.0b9

1.0.1

1.0.2

1.1.0

1.1.1

1.2.0

1.2.1

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4.0

1.4.1

1.4.10

1.4.11

1.4.12

1.4.13

1.4.14

1.4.15

1.4.16

1.4.17

1.4.18

1.4.19

1.4.2

1.4.20

1.4.21

1.4.23

1.4.24

1.4.25

1.4.26

1.4.27

1.4.28

1.4.29

1.4.3

1.4.30

1.4.31

1.4.32

1.4.33

1.4.34

1.4.4

1.4.6

1.4.7

1.4.9

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.7.0

1.8.0

1.8.1

1.8.2

1.9.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.8"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29651.json"