CVE-2022-40023
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-40023
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40023.json
- Aliases
- Related
- Published
- 2022-09-07T13:15:09Z
- Modified
- 2023-11-29T09:51:28.879788Z
- Details
-
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
- References
-
- https://lists.debian.org/debian-lts-announce/2022/09/msg00026.html
- https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c
- https://github.com/sqlalchemy/mako/issues/366
- https://pyup.io/vulnerabilities/CVE-2022-40023/50870/
Affected packages
Alpine:v3.16 / py3-mako
Package
- Name
- py3-mako
Alpine:v3.17 / py3-mako
Package
- Name
- py3-mako
Alpine:v3.18 / py3-mako
Package
- Name
- py3-mako
Git / github.com/sqlalchemy/mako
Affected versions
Other
rel_0_1_0
rel_0_1_1
rel_0_1_10
rel_0_1_2
rel_0_1_3
rel_0_1_4
rel_0_1_5
rel_0_1_6
rel_0_1_7
rel_0_1_8
rel_0_1_9
rel_0_2_0
rel_0_2_1
rel_0_2_2
rel_0_2_3
rel_0_2_4
rel_0_2_5
rel_0_3_0
rel_0_3_1
rel_0_3_2
rel_0_3_3
rel_0_3_4
rel_0_3_5
rel_0_3_6
rel_0_4_0
rel_0_4_1
rel_0_4_2
rel_0_5_0
rel_0_6_0
rel_0_6_1
rel_0_6_2
rel_0_7_0
rel_0_7_1
rel_0_7_2
rel_0_7_3
rel_0_8_0
rel_0_8_1
rel_0_9_0
rel_0_9_1
rel_1_0_0
rel_1_0_1
rel_1_0_10
rel_1_0_11
rel_1_0_12
rel_1_0_13
rel_1_0_14
rel_1_0_2
rel_1_0_3
rel_1_0_4
rel_1_0_5
rel_1_0_6
rel_1_0_7
rel_1_0_8
rel_1_0_9
rel_1_1_0
rel_1_1_1
rel_1_1_2
rel_1_1_3
rel_1_1_4
rel_1_1_5
rel_1_2_0
rel_1_2_1