CVE-2022-40023
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-40023
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40023.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-40023
- Aliases
- Downstream
- Related
- Published
- 2022-09-07T13:15:09.953Z
- Modified
- 2025-12-04T10:36:29.618828Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
- References
-
- https://lists.debian.org/debian-lts-announce/2025/12/msg00004.html
- https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21
- https://lists.debian.org/debian-lts-announce/2022/09/msg00026.html
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://pyup.io/vulnerabilities/CVE-2022-40023/50870/
- https://github.com/sqlalchemy/mako/issues/366
- https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c
Affected packages
Git / github.com/sqlalchemy/mako
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sqlalchemy/mako
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
rel_0_1_0
rel_0_1_1
rel_0_1_10
rel_0_1_2
rel_0_1_3
rel_0_1_4
rel_0_1_5
rel_0_1_6
rel_0_1_7
rel_0_1_8
rel_0_1_9
rel_0_2_0
rel_0_2_1
rel_0_2_2
rel_0_2_3
rel_0_2_4
rel_0_2_5
rel_0_3_0
rel_0_3_1
rel_0_3_2
rel_0_3_3
rel_0_3_4
rel_0_3_5
rel_0_3_6
rel_0_4_0
rel_0_4_1
rel_0_4_2
rel_0_5_0
rel_0_6_0
rel_0_6_1
rel_0_6_2
rel_0_7_0
rel_0_7_1
rel_0_7_2
rel_0_7_3
rel_0_8_0
rel_0_8_1
rel_0_9_0
rel_0_9_1
rel_1_0_0
rel_1_0_1
rel_1_0_10
rel_1_0_11
rel_1_0_12
rel_1_0_13
rel_1_0_14
rel_1_0_2
rel_1_0_3
rel_1_0_4
rel_1_0_5
rel_1_0_6
rel_1_0_7
rel_1_0_8
rel_1_0_9
rel_1_1_0
rel_1_1_1
rel_1_1_2
rel_1_1_3
rel_1_1_4
rel_1_1_5
rel_1_2_0
rel_1_2_1